Security Vulnerabilities - CVEs Published In 2018
A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a "<?php function " substring.
CVSS Score
9.8
EPSS Score
0.848
Published
2018-11-09
In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address.
CVSS Score
5.3
EPSS Score
0.004
Published
2018-11-09
An issue has been found in libIEC61850 v1.3. It is a SEGV in Ethernet_receivePacket in ethernet_bsd.c.
CVSS Score
4.3
EPSS Score
0.002
Published
2018-11-09
An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in Ethernet_sendPacket in ethernet_bsd.c.
CVSS Score
4.3
EPSS Score
0.003
Published
2018-11-09
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 on Windows allows remote attackers to write to arbitrary image files.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-11-09
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to delete an image directory.
CVSS Score
7.5
EPSS Score
0.159
Published
2018-11-09
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload.
CVSS Score
9.8
EPSS Score
0.547
Published
2018-11-09
In Libav 12.3, there is a heap-based buffer over-read in decode_frame in libavcodec/lcldec.c that allows an attacker to cause denial-of-service via a crafted avi file.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-11-09
In Libav 12.3, a NULL pointer dereference (RIP points to zero) issue in ff_mpa_synth_filter_float in libavcodec/mpegaudiodsp_template.c can cause a segmentation fault (application crash) via a crafted mov file.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-11-09
In Libav 12.3, there is an invalid memory access in vc1_decode_frame in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file. NOTE: This may be a duplicate of CVE-2017-17127.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-11-09

