Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2018
CVE-2018-1000866
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permission, or unauthorized attackers with SCM commit privileges and corresponding pipelines based on Jenkinsfiles set up in Jenkins, to execute arbitrary code on the Jenkins master JVM
CVSS Score
8.8
EPSS Score
0.007
Published
2018-12-10
CVE-2018-1671
IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-force ID: 144951.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-12-10
CVE-2018-1957
IBM WebSphere Application Server 9 could allow sensitive information to be available caused by mishandling of data by the application based on an incorrect return by the httpServletRequest#authenticate() API when an unprotected URI is accessed. IBM X-Force ID: 153629.
CVSS Score
4.0
EPSS Score
0.001
Published
2018-12-10
CVE-2016-10502
While generating trusted application id, An integer overflow can occur giving the trusted application an invalid identity in Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835 and SDA660.
CVSS Score
9.8
EPSS Score
0.006
Published
2018-12-10
CVE-2018-20009
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field.
CVSS Score
4.8
EPSS Score
0.004
Published
2018-12-10
CVE-2018-20010
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.
CVSS Score
4.8
EPSS Score
0.004
Published
2018-12-10
CVE-2018-20011
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.
CVSS Score
4.8
EPSS Score
0.004
Published
2018-12-10
CVE-2018-20012
PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI.
CVSS Score
4.8
EPSS Score
0.003
Published
2018-12-10
CVE-2018-20015
YzmCMS v5.2 has admin/role/add.html CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-12-10
CVE-2018-20017
SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved