Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2019
CVE-2019-3650
Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via carefully constructed GET request extracting insecurely information stored in the database.
CVSS Score
5.3
EPSS Score
0.003
Published
2019-11-13
CVE-2019-3651
Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-11-13
CVE-2010-5108
Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-11-13
CVE-2019-18923
Insufficient content type validation of proxied resources in go-camo before 2.1.1 allows a remote attacker to serve arbitrary content from go-camo's origin.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-11-13
CVE-2010-4664
In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-11-13
CVE-2010-4817
pithos before 0.3.5 allows overwrite of arbitrary files via symlinks.
CVSS Score
5.5
EPSS Score
0.002
Published
2019-11-13
CVE-2013-3097
Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FIOS Actiontec MI424WR-GEN3I router.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-11-13
CVE-2013-3366
Undocumented TELNET service in TRENDnet TEW-812DRU when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-11-13
CVE-2019-0382
A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform (Web Intelligence-Publication related pages); corrected in version 4.2. Privileges are required in order to exploit this vulnerability.
CVSS Score
5.4
EPSS Score
0.004
Published
2019-11-13
CVE-2019-0385
SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-11-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved