Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In December 2019
CVE-2019-20047
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content of its own session files. Every session file contains the administrative LDAP credentials encoded in a reversible format. Sessions are stored in /sessions/sess_<sessionid>.
CVSS Score
7.5
EPSS Score
0.025
Published
2019-12-27
CVE-2019-20048
An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM.
CVSS Score
7.2
EPSS Score
0.1
Published
2019-12-27
CVE-2019-20049
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal (which helps to bypass authentication) with an insecure file upload to achieve Remote Code Execution as SYSTEM. The directory traversal is in the __construct() whereas the insecure file upload is in SetSkinImages().
CVSS Score
9.8
EPSS Score
0.294
Published
2019-12-27
CVE-2014-4539
Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.
CVSS Score
6.1
EPSS Score
0.016
Published
2019-12-27
CVE-2007-0158
thttpd 2007 has buffer underflow.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-12-27
CVE-2013-5027
Collabtive 1.0 has incorrect access control
CVSS Score
9.8
EPSS Score
0.004
Published
2019-12-27
CVE-2014-4519
Cross-site scripting (XSS) vulnerability in the Conversador plugin 2.61 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the 'page' parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-12-27
CVE-2014-4592
Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVSS Score
6.1
EPSS Score
0.038
Published
2019-12-27
CVE-2013-4621
Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities
CVSS Score
9.8
EPSS Score
0.001
Published
2019-12-27
CVE-2013-4692
Xorbin Analog Flash Clock 1.0 extension for Joomia has XSS
CVSS Score
6.1
EPSS Score
0.04
Published
2019-12-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved