Security Vulnerabilities - CVEs Published In 2020
Exponent CMS before 2.6.0 has improper input validation in usersController.php.
CVSS Score: 9.8; EPSS Score: 0.006; Published: 2020-12-31

Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.
CVSS Score: 9.8; EPSS Score: 0.006; Published: 2020-12-31

Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.
CVSS Score: 9.8; EPSS Score: 0.006; Published: 2020-12-31

Exponent CMS before 2.6.0 has improper input validation in fileController.php.
CVSS Score: 9.8; EPSS Score: 0.006; Published: 2020-12-31

Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces (including the external Internet) by default. NOTE: this may overlap CVE-2017-9980.
CVSS Score: 9.8; EPSS Score: 0.085; Published: 2020-12-31

OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file.
CVSS Score: 8.8; EPSS Score: 0.0; Published: 2020-12-31

USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069.
CVSS Score: 9.9; EPSS Score: 0.067; Published: 2020-12-31

DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.
CVSS Score: 8.8; EPSS Score: 0.094; Published: 2020-12-31

In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.
CVSS Score: 6.5; EPSS Score: 0.0; Published: 2020-12-31

iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.
CVSS Score: 3.8; EPSS Score: 0.001; Published: 2020-12-31

