Security Vulnerabilities - CVEs Published In 2018
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
CVSS Score: 5.9
EPSS Score: 0.061
Published: 2018-10-30
admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2018-10-30
An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c.
CVSS Score: 9.8
EPSS Score: 0.005
Published: 2018-10-30
upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file.
CVSS Score: 9.8
EPSS Score: 0.01
Published: 2018-10-30
XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexmetatit parameter.
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2018-10-30
XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexkey parameter.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2018-10-30
CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2018-10-30
Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2018-10-30
Pagoda Linux panel V6.0 has XSS via the verification code associated with an invalid account login. A crafted code is mishandled during rendering of the login log.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2018-10-30
There exists a heap-based buffer overflow in vc1_decode_p_mb_intfi in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.
CVSS Score: 6.5
EPSS Score: 0.003
Published: 2018-10-30

Shodan ® - All rights reserved