Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2018
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts.
CVSS Score
9.8
EPSS Score
0.095
Published
2018-04-18
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism.
CVSS Score
9.8
EPSS Score
0.09
Published
2018-04-18
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions.
CVSS Score
9.8
EPSS Score
0.076
Published
2018-04-18
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account (specifically, an account with permission to write to the filesystem via SQL queries).
CVSS Score
7.2
EPSS Score
0.052
Published
2018-04-18
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts.
CVSS Score
9.8
EPSS Score
0.082
Published
2018-04-18
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account.
CVSS Score
7.2
EPSS Score
0.038
Published
2018-04-18
Mautic before v2.13.0 has stored XSS via a theme config file.
CVSS Score
6.1
EPSS Score
0.008
Published
2018-04-18
Mautic before 2.13.0 allows CSV injection.
CVSS Score
9.8
EPSS Score
0.017
Published
2018-04-18
In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor.
CVSS Score
6.1
EPSS Score
0.008
Published
2018-04-18
In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2, there was an XSS issue with muting notifications.
CVSS Score
6.1
EPSS Score
0.008
Published
2018-04-18


Contact Us

Shodan ® - All rights reserved