Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In December 2017
CVE-2017-17792
Cross site scripting (XSS) vulnerability in the markup_clean_href function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-12-20
CVE-2017-17793
Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv~1.zip name (aka an 8.3 filename).
CVSS Score
7.5
EPSS Score
0.003
Published
2017-12-20
CVE-2017-17794
validate_form_preferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-12-20
CVE-2017-17795
In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000088.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-12-20
CVE-2017-17782
In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.
CVSS Score
8.8
EPSS Score
0.007
Published
2017-12-20
CVE-2017-17783
In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8.
CVSS Score
7.5
EPSS Score
0.005
Published
2017-12-20
CVE-2017-17784
In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.
CVSS Score
7.8
EPSS Score
0.004
Published
2017-12-20
CVE-2017-17785
In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.
CVSS Score
7.8
EPSS Score
0.004
Published
2017-12-20
CVE-2017-17774
admin/configuration.php in Piwigo 2.9.2 has CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-12-20
CVE-2017-17775
Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-12-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved