Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2018
CVE-2018-18245
Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.
CVSS Score
5.4
EPSS Score
0.056
Published
2018-12-17
CVE-2018-18246
Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-12-17
CVE-2018-18247
Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add icon parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-12-17
CVE-2018-18248
Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-12-17
CVE-2018-18249
Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=${PATH}_${APACHE_RUN_DIR}_${APACHE_RUN_USER} parameter to /icingaweb2/navigation/add or /icingaweb2/dashboard/new-dashlet.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-12-17
CVE-2018-18250
Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item.
CVSS Score
7.5
EPSS Score
0.002
Published
2018-12-17
CVE-2018-19295
Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-12-17
CVE-2018-19649
XSS exists in InfoVista VistaPortal SE Version 5.1 (build 51029). VPortal/mgtconsole/RolePermissions.jsp has reflected XSS via the ConnPoolName parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-12-17
CVE-2018-19765
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPresentSpace.jsp" has reflected XSS via the ConnPoolName, GroupId, and ParentId parameters.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-12-17
CVE-2018-19766
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "GroupRessourceAdmin.jsp" has reflected XSS via the ConnPoolName parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-12-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved