Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In December 2018
CVE-2018-20570
jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.
CVSS Score
6.5
EPSS Score
0.01
Published
2018-12-28
CVE-2018-20571
DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-12-28
CVE-2018-20572
WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-12-28
CVE-2018-20573
The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
CVSS Score
6.5
EPSS Score
0.007
Published
2018-12-28
CVE-2018-20574
The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
CVSS Score
6.5
EPSS Score
0.007
Published
2018-12-28
CVE-2018-5203
DEXTUploadX5 version Between 1.0.0.0 and 2.2.0.0 contains a vulnerability that could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. this can be leveraged for code execution.
CVSS Score
9.8
EPSS Score
0.02
Published
2018-12-28
CVE-2018-20528
JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-12-28
CVE-2018-20530
PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-12-28
CVE-2018-20532
There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-12-28
CVE-2018-20533
There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-12-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved