Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2016
CVE-2015-1000002
Open Proxy in filedownload v1.4 wordpress plugin
CVSS Score
8.2
EPSS Score
0.031
Published
2016-10-06
CVE-2015-1000001
Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin
CVSS Score
9.8
EPSS Score
0.078
Published
2016-10-06
CVE-2015-1000000
Remote file upload vulnerability in mailcwp v1.99 wordpress plugin
CVSS Score
9.8
EPSS Score
0.101
Published
2016-10-06
CVE-2016-6653
The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-mysql-release 27 and 28 allows remote attackers to obtain sensitive information by reading syslog messages, as demonstrated by cleartext credentials.
CVSS Score
7.5
EPSS Score
0.003
Published
2016-10-06
CVE-2016-6436
Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz14682.
CVSS Score
6.1
EPSS Score
0.003
Published
2016-10-06
CVE-2016-6435
The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376.
CVSS Score
6.5
EPSS Score
0.55
Published
2016-10-06
CVE-2016-6434
Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.
CVSS Score
7.8
EPSS Score
0.004
Published
2016-10-06
CVE-2016-6433
The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872.
CVSS Score
8.8
EPSS Score
0.726
Published
2016-10-06
CVE-2016-6428
Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin privileges, aka Bug ID CSCva38349.
CVSS Score
7.8
EPSS Score
0.001
Published
2016-10-06
CVE-2016-6427
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654.
CVSS Score
8.8
EPSS Score
0.001
Published
2016-10-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved