Security Vulnerabilities - CVEs Published In February 2020
Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allow remote authenticated users (with minimal permissions) to inject arbitrary JavaScript, HTML, or CSS via Ajax actions. This affects mec_save_notifications and import_settings.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-02-28
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
CVSS Score
8.6
EPSS Score
0.004
Published
2020-02-28
enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-02-28
giting version prior to 0.0.8 allows execution of arbitrary commands. The first argument "repo" of function "pull()" is executed by the package without any validation.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-02-28
The kill-port-process package version < 2.2.0 is vulnerable to a Command Injection vulnerability.
CVSS Score
9.8
EPSS Score
0.072
Published
2020-02-28
The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3.8 allows Remote Unauthenticated Heap Memory Corruption via a large host or domain parameter. It may be possible to achieve remote code execution because of a double free.
CVSS Score
7.5
EPSS Score
0.025
Published
2020-02-28
Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allows attackers to perform cross-site scripting attacks.
CVSS Score
6.1
EPSS Score
0.005
Published
2020-02-28
Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if the PDF file path is constructed based on untrusted user input.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-02-28
An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie.
CVSS Score
9.8
EPSS Score
0.828
Published
2020-02-28
The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-02-28

