Security Vulnerabilities
- CVEs Published In 2017
Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action.
Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action.
Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request.
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action.
Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request.
Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request.
Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request.
Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure.
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.
Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f".