Security Vulnerabilities - CVEs Published In 2020
HGiga MailSherlock does not properly validate specific URL parameters, which allows attackers to inject JavaScript syntax for XSS attacks.
CVSS Score: 7.0; EPSS Score: 0.003; Published: 2020-12-31
HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks.
CVSS Score: 7.0; EPSS Score: 0.003; Published: 2020-12-31
HGiga MailSherlock contains a SQL injection vulnerability. Attackers can inject and launch SQL commands in a URL parameter.
CVSS Score: 7.0; EPSS Score: 0.003; Published: 2020-12-31
HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages.
CVSS Score: 7.0; EPSS Score: 0.003; Published: 2020-12-31
HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch command injection attacks remotely and execute arbitrary commands on the system.
CVSS Score: 8.1; EPSS Score: 0.008; Published: 2020-12-31
The encryption function of NHIServiSignAdapter fails to verify the file path input by users. Remote attackers can access arbitrary files through the flaw without privileges.
CVSS Score: 7.5; EPSS Score: 0.001; Published: 2020-12-31
NHIServiSignAdapter fails to verify the length of the digital credential files' path, which leads to a heap overflow vulnerability. Remote attackers can use the flaw to execute code without privileges.
CVSS Score: 8.1; EPSS Score: 0.025; Published: 2020-12-31
includes/core/is_user.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk).
CVSS Score: 9.8; EPSS Score: 0.007; Published: 2020-12-31
modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent).
CVSS Score: 9.8; EPSS Score: 0.007; Published: 2020-12-31
Exponent CMS before 2.6.0 has improper input validation in storeController.php.
CVSS Score: 9.8; EPSS Score: 0.006; Published: 2020-12-31