Security Vulnerabilities - CVEs Published In March 2022
An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file.
CVSS Score
5.5
EPSS Score
0.003
Published
2022-03-02
The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system.
CVSS Score
9.1
EPSS Score
0.003
Published
2022-03-01
Argus Surveillance DVR v4.0 employs weak password encryption.
CVSS Score
5.5
EPSS Score
0.003
Published
2022-03-01
diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (i.e., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location.
CVSS Score
8.8
EPSS Score
0.913
Published
2022-03-01
Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allow attackers to dump the entire database.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-03-01
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function.
CVSS Score
8.8
EPSS Score
0.005
Published
2022-03-01
An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file.
CVSS Score
8.8
EPSS Score
0.022
Published
2022-03-01
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet.
CVSS Score
8.8
EPSS Score
0.005
Published
2022-03-01
An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file.
CVSS Score
8.8
EPSS Score
0.026
Published
2022-03-01
Extensis Portfolio v4.0 was discovered to contain hardcoded credentials, which allow attackers to gain administrator privileges.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-03-01

