Security Vulnerabilities - CVEs Published In November 2018
HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2018-11-23
ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomation realname or email parameter.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2018-11-23
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
CVSS Score: 7.8
EPSS Score: 0.718
Published: 2018-11-23
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
CVSS Score: 7.8
EPSS Score: 0.009
Published: 2018-11-23
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
CVSS Score: 7.8
EPSS Score: 0.009
Published: 2018-11-23
zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI. NOTE: The vendor's position is "We have no dynamic including. No one can run PHP by uploading an image in current version." It also requires authentication.
CVSS Score: 8.8
EPSS Score: 0.012
Published: 2018-11-22
Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting.php and template\default\common\footer.htm mishandle the statcode field from third-party stats code.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2018-11-22
Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file.
CVSS Score: 7.2
EPSS Score: 0.1
Published: 2018-11-22
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.
CVSS Score: 7.5
EPSS Score: 0.8
Published: 2018-11-22
Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file.
CVSS Score: 7.8
EPSS Score: 0.018
Published: 2018-11-22