Security Vulnerabilities - CVEs Published In December 2017
CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter.
CVSS Score: 9.8 | EPSS Score: 0.069 | Published: 2017-12-18
In Apache Drill 1.11.0 and earlier, when submitting a form from the Query page, users are able to pass arbitrary script or HTML, which will take effect on the Profile page afterwards. Example: after submitting a special script that returns cookie information from the Query page, a malicious user may obtain this information from the Profile page afterwards.
CVSS Score: 5.4 | EPSS Score: 0.007 | Published: 2017-12-18
NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2017-12-18
FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/.
CVSS Score: 9.8 | EPSS Score: 0.024 | Published: 2017-12-18
Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php.
CVSS Score: 9.8 | EPSS Score: 0.025 | Published: 2017-12-18
Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter.
CVSS Score: 6.1 | EPSS Score: 0.013 | Published: 2017-12-18
Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter.
CVSS Score: 9.8 | EPSS Score: 0.025 | Published: 2017-12-18
The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2017-12-18
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2017-12-18
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2017-12-18

