Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2018
CVE-2018-19347
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x00000000000d11bb" issue.
CVSS Score
7.1
EPSS Score
0.001
Published
2018-11-17
CVE-2018-19348
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x000000000012dff5" issue.
CVSS Score
7.1
EPSS Score
0.001
Published
2018-11-17
CVE-2018-19333
pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled.
CVSS Score
9.8
EPSS Score
0.002
Published
2018-11-17
CVE-2018-19340
Guriddo Form PHP 5.3 has XSS via the demos/jqform/defaultnodb/default.php OrderID, ShipName, ShipAddress, ShipCity, ShipPostalCode, ShipCountry, Freight, or details parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-17
CVE-2018-19327
An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php?type=action&action=add allows CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-11-17
CVE-2018-19328
LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal.
CVSS Score
9.8
EPSS Score
0.008
Published
2018-11-17
CVE-2018-19329
GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete button.
CVSS Score
4.9
EPSS Score
0.005
Published
2018-11-17
CVE-2018-19331
An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-11-17
CVE-2018-19332
An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-11-17
CVE-2018-19326
Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd.
CVSS Score
7.5
EPSS Score
0.495
Published
2018-11-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved