Security Vulnerabilities - CVEs Published In November 2022
The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2022-11-17
Keyfactor EJBCA before 7.10.0 allows XSS.
CVSS Score: 5.4 | EPSS Score: 0.008 | Published: 2022-11-17
BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. The NTRIP sourcetable is typically quite long (tens of kBs) and can be requested with a packet of only 30 bytes. This presents a vector that can be used for UDP amplification attacks. Normally, only authenticated streaming data will be provided over UDP and not the sourcetable.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2022-11-17
The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS).
CVSS Score: 4.8 | EPSS Score: 0.001 | Published: 2022-11-17
The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2022-11-17
A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user.
CVSS Score: 5.4 | EPSS Score: 0.006 | Published: 2022-11-17
Dreamer CMS 4.0.01 is vulnerable to SQL Injection.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2022-11-17
Doufox 0.0.4 contains a CSRF vulnerability that can add a system administrator account.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2022-11-17
SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php.
CVSS Score: 9.8 | EPSS Score: 0.937 | Published: 2022-11-17
Hustoj 22.09.22 has an XSS vulnerability in /admin/problem_judge.php.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2022-11-17


Shodan ® - All rights reserved