Shodan

74.207.234.187

Regular View Raw Data
Last Seen: 2024-09-12

GeneralInformation

Hostnames fujikihastings.com
li76-187.members.linode.com
Domains fujikihastings.com linode.com 
Cloud Provider Linode
Cloud Region us-ga
Country United States
City Atlanta
Organization Linode
ISP Akamai Connected Cloud
ASN AS63949

WebTechnologies

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

OpenPorts 

-187093103 | 2024-09-10T21:35:42.149850
22 / tcp 
-906382648 | 2024-09-11T15:23:24.574657
80 / tcp 
-1398775644 | 2024-09-12T07:59:18.772054
443 / tcp



Products
Pricing
Contact Us

Shodan ® - All rights reserved

\", which results in the enclosed script logic to be executed.","verified":false},"CVE-2019-20372":{"cvss":4.3,"ports":[80,443],"summary":"NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.","verified":false},"CVE-2019-11358":{"cvss":4.3,"ports":[80],"summary":"jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.","verified":false},"CVE-2018-16845":{"cvss":5.8,"ports":[80,443],"summary":"nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.","verified":false},"CVE-2017-20005":{"cvss":7.5,"ports":[80,443],"summary":"NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.","verified":false},"CVE-2017-7529":{"cvss":5.0,"ports":[80,443],"summary":"Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.","verified":false},"CVE-2016-4450":{"cvss":5.0,"ports":[80,443],"summary":"os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.","verified":false},"CVE-2016-1247":{"cvss":7.2,"ports":[80,443],"summary":"The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.","verified":false},"CVE-2016-0747":{"cvss":5.0,"ports":[80,443],"summary":"The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.","verified":false},"CVE-2016-0746":{"cvss":7.5,"ports":[80,443],"summary":"Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.","verified":false},"CVE-2016-0742":{"cvss":5.0,"ports":[80,443],"summary":"The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.","verified":false},"CVE-2015-9251":{"cvss":4.3,"ports":[80],"summary":"jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.","verified":false},"CVE-2012-6708":{"cvss":4.3,"ports":[80],"summary":"jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.","verified":false},"CVE-2011-4969":{"cvss":4.3,"ports":[80],"summary":"Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.","verified":false}}; setupBannerCve(); setupVulns(VULNS); })();