#ExploitObserverAlert
CVE-2013-3900
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2013-3900. The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability."
FIRST-EPSS: 0.414100000
NVD-IS: 10.0
NVD-ES: 4.9
CVE-2013-3900
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2013-3900. The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability."
FIRST-EPSS: 0.414100000
NVD-IS: 10.0
NVD-ES: 4.9
#ExploitObserverAlert
CVE-2018-11138
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2018-11138. The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.
FIRST-EPSS: 0.911510000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2018-11138
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2018-11138. The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.
FIRST-EPSS: 0.911510000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-38406
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2021-38406. Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process.
FIRST-EPSS: 0.929090000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2021-38406
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2021-38406. Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process.
FIRST-EPSS: 0.929090000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2019-1003030
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2019-1003030. A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.
FIRST-EPSS: 0.006590000
NVD-IS: 6.0
NVD-ES: 3.1
CVE-2019-1003030
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2019-1003030. A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.
FIRST-EPSS: 0.006590000
NVD-IS: 6.0
NVD-ES: 3.1
#ExploitObserverAlert
CVE-2018-2380
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2018-2380. SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
FIRST-EPSS: 0.027900000
NVD-IS: 3.7
NVD-ES: 2.3
CVE-2018-2380
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2018-2380. SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
FIRST-EPSS: 0.027900000
NVD-IS: 3.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2015-4852
DESCRIPTION: Exploit Observer has 60 entries related to CVE-2015-4852. The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.
FIRST-EPSS: 0.966900000
NVD-IS: 6.4
NVD-ES: 10.0
CVE-2015-4852
DESCRIPTION: Exploit Observer has 60 entries related to CVE-2015-4852. The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.
FIRST-EPSS: 0.966900000
NVD-IS: 6.4
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2022-3236
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2022-3236. A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.
FIRST-EPSS: 0.106520000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-3236
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2022-3236. A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.
FIRST-EPSS: 0.106520000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-20963
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-20963. In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519
FIRST-EPSS: 0.002240000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-20963
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-20963. In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519
FIRST-EPSS: 0.002240000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2018-19321
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2018-19321. The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
FIRST-EPSS: 0.001250000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2018-19321
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2018-19321. The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
FIRST-EPSS: 0.001250000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2022-30333
DESCRIPTION: Exploit Observer has 20 entries related to CVE-2022-30333. RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
FIRST-EPSS: 0.805220000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-30333
DESCRIPTION: Exploit Observer has 20 entries related to CVE-2022-30333. RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
FIRST-EPSS: 0.805220000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-10561
DESCRIPTION: Exploit Observer has 23 entries related to CVE-2018-10561. An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.
FIRST-EPSS: 0.971660000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2018-10561
DESCRIPTION: Exploit Observer has 23 entries related to CVE-2018-10561. An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.
FIRST-EPSS: 0.971660000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-16759
DESCRIPTION: Exploit Observer has 62 entries related to CVE-2019-16759. vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
FIRST-EPSS: 0.975340000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2019-16759
DESCRIPTION: Exploit Observer has 62 entries related to CVE-2019-16759. vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
FIRST-EPSS: 0.975340000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-6882
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2018-6882. Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment.
FIRST-EPSS: 0.007490000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2018-6882
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2018-6882. Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment.
FIRST-EPSS: 0.007490000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2013-2094
DESCRIPTION: Exploit Observer has 93 entries related to CVE-2013-2094. The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
FIRST-EPSS: 0.000660000
NVD-IS: 10.0
NVD-ES: 3.9
CVE-2013-2094
DESCRIPTION: Exploit Observer has 93 entries related to CVE-2013-2094. The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
FIRST-EPSS: 0.000660000
NVD-IS: 10.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-0175
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2018-0175. Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCvd73664.
FIRST-EPSS: 0.002860000
NVD-IS: 5.9
NVD-ES: 2.1
CVE-2018-0175
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2018-0175. Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCvd73664.
FIRST-EPSS: 0.002860000
NVD-IS: 5.9
NVD-ES: 2.1
#ExploitObserverAlert
CVE-2017-3881
DESCRIPTION: Exploit Observer has 16 entries related to CVE-2017-3881. A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893.
FIRST-EPSS: 0.974700000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2017-3881
DESCRIPTION: Exploit Observer has 16 entries related to CVE-2017-3881. A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893.
FIRST-EPSS: 0.974700000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-22675
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2022-22675. An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
FIRST-EPSS: 0.001210000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2022-22675
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2022-22675. An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
FIRST-EPSS: 0.001210000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2018-14558
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2018-14558. An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input.
FIRST-EPSS: 0.936190000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2018-14558
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2018-14558. An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input.
FIRST-EPSS: 0.936190000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-3161
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2020-3161. A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.
FIRST-EPSS: 0.014320000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-3161
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2020-3161. A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.
FIRST-EPSS: 0.014320000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-0154
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2018-0154. A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of VPN traffic by the affected device. An attacker could exploit this vulnerability by sending crafted VPN traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to hang or crash, resulting in a DoS condition. Cisco Bug IDs: CSCvd39267.
FIRST-EPSS: 0.003030000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2018-0154
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2018-0154. A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of VPN traffic by the affected device. An attacker could exploit this vulnerability by sending crafted VPN traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to hang or crash, resulting in a DoS condition. Cisco Bug IDs: CSCvd39267.
FIRST-EPSS: 0.003030000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-0386
DESCRIPTION: Exploit Observer has 50 entries related to CVE-2023-0386. A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-0386
DESCRIPTION: Exploit Observer has 50 entries related to CVE-2023-0386. A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8