Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In December 2019
CVE-2019-20201
An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-12-31
CVE-2019-20202
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-12-31
CVE-2015-5593
The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scripting (XSS) attack by wrapping a payload in "<<script></script>script>payload<script></script></script>", or in an image tag, with the payload as the onerror event.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-12-31
CVE-2015-5595
Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service (resource consumption).
CVSS Score
6.5
EPSS Score
0.002
Published
2019-12-31
CVE-2019-20198
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.
CVSS Score
6.5
EPSS Score
0.007
Published
2019-12-31
CVE-2019-20199
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer.
CVSS Score
6.5
EPSS Score
0.008
Published
2019-12-31
CVE-2019-20200
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature.
CVSS Score
6.5
EPSS Score
0.005
Published
2019-12-31
CVE-2015-5591
SQL injection vulnerability in Zenphoto before 1.4.9 allow remote administrators to execute arbitrary SQL commands.
CVSS Score
7.2
EPSS Score
0.053
Published
2019-12-31
CVE-2015-5592
Incomplete blacklist in sanitize_string in Zenphoto before 1.4.9 allows remote attackers to conduct cross-site scripting (XSS) attacks.
CVSS Score
6.1
EPSS Score
0.007
Published
2019-12-31
CVE-2019-18568
Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege escalation through the execution of kernel code from a restricted user.
CVSS Score
8.1
EPSS Score
0.001
Published
2019-12-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved