Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2018
CVE-2018-19497
In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c).
CVSS Score
6.5
EPSS Score
0.026
Published
2018-11-29
CVE-2018-19527
i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-29
CVE-2018-18619
internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute the sqli attack via a URL in the "page" parameter. NOTE: The product is discontinued.
CVSS Score
9.8
EPSS Score
0.035
Published
2018-11-29
CVE-2018-19749
DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-11-29
CVE-2018-19750
DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-11-29
CVE-2018-19751
DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-11-29
CVE-2018-19752
DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-11-29
CVE-2018-15537
Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.
CVSS Score
8.8
EPSS Score
0.023
Published
2018-11-29
CVE-2018-19120
The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-11-29
CVE-2018-19748
app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded (note that base64 encoding, instead of URL encoding, is very rare in a directory traversal attack vector).
CVSS Score
7.5
EPSS Score
0.008
Published
2018-11-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved