Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In December 2017
CVE-2017-18001
Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI.
CVSS Score
9.8
EPSS Score
0.217
Published
2017-12-31
CVE-2017-18004
Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-12-31
CVE-2017-18005
Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file.
CVSS Score
5.5
EPSS Score
0.001
Published
2017-12-31
CVE-2017-17704
A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode and restarts with the fixed IV, leading to replay attacks of entire messages. There is no authentication of messages beyond the use of the fixed AES key, so message forgery is also possible.
CVSS Score
7.4
EPSS Score
0.002
Published
2017-12-31
CVE-2016-10704
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503.
CVSS Score
6.1
EPSS Score
0.001
Published
2017-12-30
CVE-2017-14855
Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42.
CVSS Score
8.6
EPSS Score
0.006
Published
2017-12-30
CVE-2017-17089
custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality.
CVSS Score
4.8
EPSS Score
0.002
Published
2017-12-30
CVE-2017-12810
PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-12-30
CVE-2017-12811
PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-12-30
CVE-2017-12812
PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-12-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved