Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2018
CVE-2018-19457
Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file.
CVSS Score
7.2
EPSS Score
0.1
Published
2018-11-22
CVE-2018-19458
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.
CVSS Score
7.5
EPSS Score
0.8
Published
2018-11-22
CVE-2018-19459
Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file.
CVSS Score
7.8
EPSS Score
0.018
Published
2018-11-22
CVE-2018-19443
The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but it contains in the header the current session of the user. This session could then be stolen by a man-in-the-middle.
CVSS Score
5.9
EPSS Score
0.002
Published
2018-11-22
CVE-2018-19433
ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-22
CVE-2018-19434
An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter.
CVSS Score
7.2
EPSS Score
0.003
Published
2018-11-22
CVE-2018-19435
An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter.
CVSS Score
7.2
EPSS Score
0.003
Published
2018-11-22
CVE-2018-19436
An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter.
CVSS Score
7.2
EPSS Score
0.003
Published
2018-11-22
CVE-2018-19437
UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-11-22
CVE-2018-19432
An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.
CVSS Score
6.5
EPSS Score
0.01
Published
2018-11-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved