Security Vulnerabilities - CVEs Published In 2017
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace.
CVSS Score: 3.3, EPSS Score: 0.001, Published: 2017-11-16
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter.
CVSS Score: 9.8, EPSS Score: 0.123, Published: 2017-11-16
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action.
CVSS Score: 9.8, EPSS Score: 0.123, Published: 2017-11-16
Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter.
CVSS Score: 9.8, EPSS Score: 0.095, Published: 2017-11-16
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter.
CVSS Score: 9.8, EPSS Score: 0.123, Published: 2017-11-16
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action.
CVSS Score: 9.8, EPSS Score: 0.123, Published: 2017-11-16
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter.
CVSS Score: 9.8, EPSS Score: 0.123, Published: 2017-11-16
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763.
CVSS Score: 8.1, EPSS Score: 0.003, Published: 2017-11-16
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105.
CVSS Score: 8.1, EPSS Score: 0.007, Published: 2017-11-16
In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password.
CVSS Score: 8.8, EPSS Score: 0.004, Published: 2017-11-16

