#ExploitObserverAlert
CVE-2023-4966
DESCRIPTION: Exploit Observer has 257 entries related to CVE-2023-4966. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.
FIRST-EPSS: 0.922670000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-4966
DESCRIPTION: Exploit Observer has 257 entries related to CVE-2023-4966. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.
FIRST-EPSS: 0.922670000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-23397
DESCRIPTION: Exploit Observer has 152 entries related to CVE-2023-23397. Microsoft Outlook Elevation of Privilege Vulnerability
FIRST-EPSS: 0.891780000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-23397
DESCRIPTION: Exploit Observer has 152 entries related to CVE-2023-23397. Microsoft Outlook Elevation of Privilege Vulnerability
FIRST-EPSS: 0.891780000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-4113
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-4113. A vulnerability was found in PHP Jabbers Service Booking Script 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235960. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.003010000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2023-4113
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-4113. A vulnerability was found in PHP Jabbers Service Booking Script 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235960. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.003010000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-45143
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2022-45143. The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.
FIRST-EPSS: 0.002540000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-45143
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2022-45143. The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.
FIRST-EPSS: 0.002540000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-48503
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2022-48503. The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.
FIRST-EPSS: 0.000850000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2022-48503
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2022-48503. The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.
FIRST-EPSS: 0.000850000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-9757
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2020-9757. The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.
FIRST-EPSS: 0.970310000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-9757
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2020-9757. The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.
FIRST-EPSS: 0.970310000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2014-0546
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2014-0546. Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via unspecified vectors.
FIRST-EPSS: 0.012630000
NVD-IS: 10.0
NVD-ES: 10.0
CVE-2014-0546
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2014-0546. Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via unspecified vectors.
FIRST-EPSS: 0.012630000
NVD-IS: 10.0
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2018-0802
DESCRIPTION: Exploit Observer has 78 entries related to CVE-2018-0802. Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.
FIRST-EPSS: 0.973170000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2018-0802
DESCRIPTION: Exploit Observer has 78 entries related to CVE-2018-0802. Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.
FIRST-EPSS: 0.973170000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-32031
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-32031. Microsoft Exchange Server Remote Code Execution Vulnerability
FIRST-EPSS: 0.143360000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-32031
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-32031. Microsoft Exchange Server Remote Code Execution Vulnerability
FIRST-EPSS: 0.143360000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2018-0982
DESCRIPTION: Exploit Observer has 36 entries related to CVE-2018-0982. An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
FIRST-EPSS: 0.001400000
NVD-IS: 5.9
NVD-ES: 1.0
CVE-2018-0982
DESCRIPTION: Exploit Observer has 36 entries related to CVE-2018-0982. An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
FIRST-EPSS: 0.001400000
NVD-IS: 5.9
NVD-ES: 1.0
#ExploitObserverAlert
CVE-2019-15092
DESCRIPTION: Exploit Observer has 39 entries related to CVE-2019-15092. The webtoffee "WordPress Users
CVE-2019-15092
DESCRIPTION: Exploit Observer has 39 entries related to CVE-2019-15092. The webtoffee "WordPress Users
#ExploitObserverAlert
CVE-2019-0708
DESCRIPTION: Exploit Observer has 455 entries related to CVE-2019-0708. A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
FIRST-EPSS: 0.975050000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2019-0708
DESCRIPTION: Exploit Observer has 455 entries related to CVE-2019-0708. A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
FIRST-EPSS: 0.975050000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-26706
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2022-26706. An access issue was addressed with additional sandbox restrictions on third-party applications. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions.
FIRST-EPSS: 0.000730000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2022-26706
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2022-26706. An access issue was addressed with additional sandbox restrictions on third-party applications. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions.
FIRST-EPSS: 0.000730000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2018-6376
DESCRIPTION: Exploit Observer has 41 entries related to CVE-2018-6376. In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.
FIRST-EPSS: 0.223450000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2018-6376
DESCRIPTION: Exploit Observer has 41 entries related to CVE-2018-6376. In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.
FIRST-EPSS: 0.223450000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2009-4623
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2009-4623. Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the ACS_path parameter to (1) index.php and (2) admin.php in advanced_comment_system/. NOTE: this might only be a vulnerability when the administrator has not followed installation instructions in install.php. NOTE: this might be the same as CVE-2020-35598.
FIRST-EPSS: 0.011360000
NVD-IS: 6.4
NVD-ES: 10.0
CVE-2009-4623
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2009-4623. Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the ACS_path parameter to (1) index.php and (2) admin.php in advanced_comment_system/. NOTE: this might only be a vulnerability when the administrator has not followed installation instructions in install.php. NOTE: this might be the same as CVE-2020-35598.
FIRST-EPSS: 0.011360000
NVD-IS: 6.4
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2020-12352
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2020-12352. Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
FIRST-EPSS: 0.002190000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2020-12352
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2020-12352. Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
FIRST-EPSS: 0.002190000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-24490
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2020-24490. Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.
FIRST-EPSS: 0.000620000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2020-24490
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2020-24490. Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.
FIRST-EPSS: 0.000620000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2017-7494
DESCRIPTION: Exploit Observer has 265 entries related to CVE-2017-7494. Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
FIRST-EPSS: 0.972640000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2017-7494
DESCRIPTION: Exploit Observer has 265 entries related to CVE-2017-7494. Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
FIRST-EPSS: 0.972640000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-8715
DESCRIPTION: Exploit Observer has 40 entries related to CVE-2017-8715. The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Windows Security Feature Bypass".
FIRST-EPSS: 0.000580000
NVD-IS: 3.4
NVD-ES: 1.8
CVE-2017-8715
DESCRIPTION: Exploit Observer has 40 entries related to CVE-2017-8715. The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Windows Security Feature Bypass".
FIRST-EPSS: 0.000580000
NVD-IS: 3.4
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2018-18619
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2018-18619. internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute the sqli attack via a URL in the "page" parameter. NOTE: The product is discontinued.
FIRST-EPSS: 0.005080000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2018-18619
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2018-18619. internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute the sqli attack via a URL in the "page" parameter. NOTE: The product is discontinued.
FIRST-EPSS: 0.005080000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-8210
DESCRIPTION: Exploit Observer has 39 entries related to CVE-2018-8210. A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8213.
FIRST-EPSS: 0.083790000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2018-8210
DESCRIPTION: Exploit Observer has 39 entries related to CVE-2018-8210. A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8213.
FIRST-EPSS: 0.083790000
NVD-IS: 5.9
NVD-ES: 1.8