Security Vulnerabilities - CVEs Published In 2020
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-12-26
The serializer module in OAID Tengine lite-v1.0 has a Buffer Overflow and crash. NOTE: another person has stated "I don't think there is an proof of overflow so far."
CVSS Score
5.5
EPSS Score
0.002
Published
2020-12-26
Beijing Huorong Internet Security 5.0.55.2 allows a non-admin user to escalate privileges by injecting code into a process, and then waiting for a Huorong services restart or a system reboot.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-12-26
Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product's source code is available.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-12-26
DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter (the attacker must provide the correct fileOrgName value).
CVSS Score
7.5
EPSS Score
0.004
Published
2020-12-26
Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-12-26
Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain set_language calls.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-12-26
lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146.
CVSS Score
6.5
EPSS Score
0.003
Published
2020-12-26
CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add.
CVSS Score
4.8
EPSS Score
0.002
Published
2020-12-26
CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-12-26