Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In December 2019
CVE-2011-3585
Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.
CVSS Score
4.7
EPSS Score
0.005
Published
2019-12-31
CVE-2013-7070
The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI.
CVSS Score
9.8
EPSS Score
0.046
Published
2019-12-31
CVE-2013-7071
Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVSS Score
6.1
EPSS Score
0.006
Published
2019-12-31
CVE-2004-2776
go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter.
CVSS Score
9.8
EPSS Score
0.022
Published
2019-12-31
CVE-2013-4161
gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-12-31
CVE-2013-4357
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.
CVSS Score
7.5
EPSS Score
0.012
Published
2019-12-31
CVE-2019-20197
In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account.
CVSS Score
8.8
EPSS Score
0.436
Published
2019-12-31
CVE-2019-10227
openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-12-31
CVE-2019-14466
The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-12-31
CVE-2019-3984
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet.
CVSS Score
9.8
EPSS Score
0.033
Published
2019-12-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved