Security Vulnerabilities - CVEs Published In December 2023
An attacker can manipulate file upload params to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
CVSS Score
9.8
EPSS Score
0.929
Published
2023-12-07
TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, which allows attackers to bypass front-end security restrictions and execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-12-07
A DLL hijacking vulnerability in TTplayer version 7.0.2 allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-12-07
Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-12-07
Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-12-07
Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-12-07
A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-12-07
Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-12-07
A cross-site scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed in the web browser of the user who is logging in to the product. As for the affected products/models/versions, see the information provided by the vendor listed under the [References] section or the list under the [Product Status] section.
CVSS Score
6.1
EPSS Score
0.003
Published
2023-12-07
Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-12-07


Shodan ® - All rights reserved