Security Vulnerabilities - CVEs Published In November 2018
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.
CVSS Score: 8.8
EPSS Score: 0.006
Published: 2018-11-20
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.
CVSS Score: 8.8
EPSS Score: 0.005
Published: 2018-11-20
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter.
CVSS Score: 6.1
EPSS Score: 0.045
Published: 2018-11-20
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "openvpncmd" parameter as a shell command.
CVSS Score: 7.8
EPSS Score: 0.012
Published: 2018-11-20
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "command_line" parameter as a shell command.
CVSS Score: 7.8
EPSS Score: 0.005
Published: 2018-11-20
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "tun_path" or "tap_path" pathname within a shell command.
CVSS Score: 7.8
EPSS Score: 0.005
Published: 2018-11-20
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the value of the "tun_path" or "tap_path" pathname in a kextload() call.
CVSS Score: 7.8
EPSS Score: 0.005
Published: 2018-11-20
Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command.
CVSS Score: 9.8
EPSS Score: 0.026
Published: 2018-11-20
Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed.
CVSS Score: 9.6
EPSS Score: 0.009
Published: 2018-11-20
The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure.
CVSS Score: 8.1
EPSS Score: 0.272
Published: 2018-11-20


Shodan ® - All rights reserved