Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2017
CVE-2017-15892
Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-12-28
CVE-2017-5641
Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an attacker to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third party libraries can be used to trigger remote code execution.
CVSS Score
9.8
EPSS Score
0.486
Published
2017-12-28
CVE-2017-17932
A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the victim machine/computer via a long string to TCP port 888.
CVSS Score
9.8
EPSS Score
0.78
Published
2017-12-28
CVE-2017-17936
Vanguard Marketplace Digital Products PHP has CSRF via /search.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-12-28
CVE-2017-17937
Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-12-28
CVE-2017-17938
PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2017-12-28
CVE-2017-17939
PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-12-28
CVE-2017-17940
PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php.
CVSS Score
4.8
EPSS Score
0.002
Published
2017-12-28
CVE-2017-17941
PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter.
CVSS Score
7.2
EPSS Score
0.002
Published
2017-12-28
CVE-2017-17942
In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-12-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved