Security Vulnerabilities - CVEs Published In 2018
HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh.
CVSS Score: 6.5 | EPSS Score: 0.011 | Published: 2018-11-15
The server in mubu note 2018-11-11 has XSS by configuring an account with a crafted name value (along with an arbitrary username value), and then creating and sharing a note.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-11-15
XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows remote attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter.
CVSS Score: 6.1 | EPSS Score: 0.193 | Published: 2018-11-15
Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API.
CVSS Score: 6.1 | EPSS Score: 0.012 | Published: 2018-11-15
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2018-11-15
An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2018-11-15
PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater.
CVSS Score: 4.3 | EPSS Score: 0.0 | Published: 2018-11-14
Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource name or macro expression of a poller macro.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2018-11-14
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2018-11-14
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.
CVSS Score: 6.1 | EPSS Score: 0.015 | Published: 2018-11-14

