#ExploitObserverAlert
CVE-2023-36844
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2023-36844. A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.
FIRST-EPSS: 0.212160000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2023-36844
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2023-36844. A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.
FIRST-EPSS: 0.212160000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-8298
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2018-8298. A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.
FIRST-EPSS: 0.541220000
NVD-IS: 5.9
NVD-ES: 1.6
CVE-2018-8298
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2018-8298. A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.
FIRST-EPSS: 0.541220000
NVD-IS: 5.9
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2022-24706
DESCRIPTION: Exploit Observer has 45 entries related to CVE-2022-24706. In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
FIRST-EPSS: 0.973770000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-24706
DESCRIPTION: Exploit Observer has 45 entries related to CVE-2022-24706. In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
FIRST-EPSS: 0.973770000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2014-8439
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2014-8439. Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK
CVE-2014-8439
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2014-8439. Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK
#ExploitObserverAlert
CVE-2018-7841
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2018-7841. A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.
FIRST-EPSS: 0.020760000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2018-7841
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2018-7841. A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.
FIRST-EPSS: 0.020760000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-8196
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2020-8196. Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
FIRST-EPSS: 0.002010000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2020-8196
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2020-8196. Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
FIRST-EPSS: 0.002010000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2015-3035
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2015-3035. Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
FIRST-EPSS: 0.589930000
NVD-IS: 6.9
NVD-ES: 10.0
CVE-2015-3035
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2015-3035. Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
FIRST-EPSS: 0.589930000
NVD-IS: 6.9
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2016-0034
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2016-0034. Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka "Silverlight Runtime Remote Code Execution Vulnerability."
FIRST-EPSS: 0.788260000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2016-0034
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2016-0034. Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka "Silverlight Runtime Remote Code Execution Vulnerability."
FIRST-EPSS: 0.788260000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2016-10174
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2016-10174. The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
FIRST-EPSS: 0.971900000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2016-10174
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2016-10174. The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
FIRST-EPSS: 0.971900000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-1579
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2019-1579. Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code.
FIRST-EPSS: 0.746870000
NVD-IS: 5.9
NVD-ES: 2.2
CVE-2019-1579
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2019-1579. Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code.
FIRST-EPSS: 0.746870000
NVD-IS: 5.9
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2015-1671
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2015-1671. The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."
FIRST-EPSS: 0.237890000
NVD-IS: 10.0
NVD-ES: 8.6
CVE-2015-1671
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2015-1671. The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."
FIRST-EPSS: 0.237890000
NVD-IS: 10.0
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2014-4077
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2014-4077. Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka "Microsoft IME (Japanese) Elevation of Privilege Vulnerability," as exploited in the wild in 2014.
FIRST-EPSS: 0.007390000
NVD-IS: 10.0
NVD-ES: 8.6
CVE-2014-4077
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2014-4077. Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka "Microsoft IME (Japanese) Elevation of Privilege Vulnerability," as exploited in the wild in 2014.
FIRST-EPSS: 0.007390000
NVD-IS: 10.0
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2018-0167
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2018-0167. Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487.
FIRST-EPSS: 0.003610000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2018-0167
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2018-0167. Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487.
FIRST-EPSS: 0.003610000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-8655
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2020-8655. An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7.
FIRST-EPSS: 0.003830000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2020-8655
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2020-8655. An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7.
FIRST-EPSS: 0.003830000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2019-1652
DESCRIPTION: Exploit Observer has 20 entries related to CVE-2019-1652. A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability.
FIRST-EPSS: 0.974590000
NVD-IS: 5.9
NVD-ES: 1.2
CVE-2019-1652
DESCRIPTION: Exploit Observer has 20 entries related to CVE-2019-1652. A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability.
FIRST-EPSS: 0.974590000
NVD-IS: 5.9
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2021-1497
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2021-1497. Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
FIRST-EPSS: 0.975140000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-1497
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2021-1497. Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
FIRST-EPSS: 0.975140000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2015-3043
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2015-3043. Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042.
FIRST-EPSS: 0.044690000
NVD-IS: 10.0
NVD-ES: 10.0
CVE-2015-3043
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2015-3043. Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042.
FIRST-EPSS: 0.044690000
NVD-IS: 10.0
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2021-30551
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2021-30551. Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
FIRST-EPSS: 0.202830000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2021-30551
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2021-30551. Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
FIRST-EPSS: 0.202830000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2015-1642
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2015-1642. Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
FIRST-EPSS: 0.964250000
NVD-IS: 10.0
NVD-ES: 8.6
CVE-2015-1642
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2015-1642. Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
FIRST-EPSS: 0.964250000
NVD-IS: 10.0
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2021-39144
DESCRIPTION: Exploit Observer has 29 entries related to CVE-2021-39144. XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
FIRST-EPSS: 0.962720000
NVD-IS: 6.0
NVD-ES: 1.8
CVE-2021-39144
DESCRIPTION: Exploit Observer has 29 entries related to CVE-2021-39144. XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
FIRST-EPSS: 0.962720000
NVD-IS: 6.0
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2022-4135
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2022-4135. Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.011730000
NVD-IS: 6.0
NVD-ES: 2.8
CVE-2022-4135
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2022-4135. Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.011730000
NVD-IS: 6.0
NVD-ES: 2.8