Security Vulnerabilities - CVEs Published In November 2017
Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook, resulting in code execution and privilege escalation.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-11-17
A stored web content injection vulnerability (WCI, a.k.a. XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control over victims' accounts. This can lead to an escalation of privileges providing complete administrative control over the CMS.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-11-17
Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow an unauthenticated attacker to do almost anything an admin can.
CVSS Score
6.1
EPSS Score
0.006
Published
2017-11-17
Stop User Enumeration 1.3.8 allows user enumeration via the REST API
CVSS Score
5.3
EPSS Score
0.004
Published
2017-11-17
Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.
CVSS Score
7.8
EPSS Score
0.005
Published
2017-11-17
A double-free vulnerability in parse.c in ldns 1.7.0 has unspecified impact and attack vectors.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-11-17
A double-free vulnerability in str2host.c in ldns 1.7.0 has unspecified impact and attack vectors.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-11-17
I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in jqueryFileTree.php, resulting in an attacker enumerating directories simply by navigating through the "dir" parameter.
CVSS Score
5.3
EPSS Score
0.002
Published
2017-11-17
I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php, resulting in the web server being fully compromised.
CVSS Score
9.8
EPSS Score
0.116
Published
2017-11-17
I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in temp.php, resulting in an attacker being able to inject malicious client-side scripting which will be executed in the browser of users if they visit the manipulated site.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-11-17

