#ExploitObserverAlert
CVE-2023-27350
DESCRIPTION: Exploit Observer has 59 entries related to CVE-2023-27350. This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
FIRST-EPSS: 0.972290000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-27350
DESCRIPTION: Exploit Observer has 59 entries related to CVE-2023-27350. This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
FIRST-EPSS: 0.972290000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-9978
DESCRIPTION: Exploit Observer has 34 entries related to CVE-2019-9978. The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
FIRST-EPSS: 0.973230000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2019-9978
DESCRIPTION: Exploit Observer has 34 entries related to CVE-2019-9978. The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
FIRST-EPSS: 0.973230000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2018-0174
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2018-0174. A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuh91645.
FIRST-EPSS: 0.009360000
NVD-IS: 4.0
NVD-ES: 3.9
CVE-2018-0174
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2018-0174. A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuh91645.
FIRST-EPSS: 0.009360000
NVD-IS: 4.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-30116
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2021-30116. Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client for Windows and installs it, the file KaseyaD.ini is generated (C:\Program Files (x86)\Kaseya\XXXXXXXXXX\KaseyaD.ini) which contains an Agent_Guid and AgentPassword This Agent_Guid and AgentPassword can be used to log in on dl.asp (https://x.x.x.x/dl.asp?un=840997037507813
CVE-2021-30116
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2021-30116. Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client for Windows and installs it, the file KaseyaD.ini is generated (C:\Program Files (x86)\Kaseya\XXXXXXXXXX\KaseyaD.ini) which contains an Agent_Guid and AgentPassword This Agent_Guid and AgentPassword can be used to log in on dl.asp (https://x.x.x.x/dl.asp?un=840997037507813
#ExploitObserverAlert
CVE-2022-3075
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2022-3075. Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
FIRST-EPSS: 0.006370000
NVD-IS: 6.0
NVD-ES: 2.8
CVE-2022-3075
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2022-3075. Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
FIRST-EPSS: 0.006370000
NVD-IS: 6.0
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-36804
DESCRIPTION: Exploit Observer has 83 entries related to CVE-2022-36804. Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.
FIRST-EPSS: 0.971360000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2022-36804
DESCRIPTION: Exploit Observer has 83 entries related to CVE-2022-36804. Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.
FIRST-EPSS: 0.971360000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2017-6740
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2017-6740. The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve66601.
FIRST-EPSS: 0.007960000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2017-6740
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2017-6740. The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve66601.
FIRST-EPSS: 0.007960000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2017-9822
DESCRIPTION: Exploit Observer has 30 entries related to CVE-2017-9822. DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."
FIRST-EPSS: 0.960980000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2017-9822
DESCRIPTION: Exploit Observer has 30 entries related to CVE-2017-9822. DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."
FIRST-EPSS: 0.960980000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2014-4404
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2014-4404. Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
FIRST-EPSS: 0.005100000
NVD-IS: 10.0
NVD-ES: 8.6
CVE-2014-4404
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2014-4404. Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
FIRST-EPSS: 0.005100000
NVD-IS: 10.0
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2021-3560
DESCRIPTION: Exploit Observer has 120 entries related to CVE-2021-3560. It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
FIRST-EPSS: 0.011770000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2021-3560
DESCRIPTION: Exploit Observer has 120 entries related to CVE-2021-3560. It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
FIRST-EPSS: 0.011770000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2019-17621
DESCRIPTION: Exploit Observer has 30 entries related to CVE-2019-17621. The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
FIRST-EPSS: 0.971330000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2019-17621
DESCRIPTION: Exploit Observer has 30 entries related to CVE-2019-17621. The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
FIRST-EPSS: 0.971330000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-19949
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2018-19949. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.
FIRST-EPSS: 0.006720000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2018-19949
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2018-19949. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.
FIRST-EPSS: 0.006720000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-5631
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-5631. Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.
FIRST-EPSS: 0.009860000
NVD-IS: 2.7
NVD-ES: 2.3
CVE-2023-5631
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-5631. Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.
FIRST-EPSS: 0.009860000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2002-0367
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2002-0367. smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
FIRST-EPSS: 0.000920000
NVD-IS: 10.0
NVD-ES: 3.9
CVE-2002-0367
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2002-0367. smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
FIRST-EPSS: 0.000920000
NVD-IS: 10.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-33766
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2021-33766. Microsoft Exchange Information Disclosure Vulnerability
FIRST-EPSS: 0.930380000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2021-33766
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2021-33766. Microsoft Exchange Information Disclosure Vulnerability
FIRST-EPSS: 0.930380000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-42793
DESCRIPTION: Exploit Observer has 19 entries related to CVE-2023-42793. In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
FIRST-EPSS: 0.972640000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-42793
DESCRIPTION: Exploit Observer has 19 entries related to CVE-2023-42793. In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
FIRST-EPSS: 0.972640000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-0752
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2019-0752. A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862.
FIRST-EPSS: 0.954960000
NVD-IS: 5.9
NVD-ES: 1.6
CVE-2019-0752
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2019-0752. A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862.
FIRST-EPSS: 0.954960000
NVD-IS: 5.9
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2017-0149
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2017-0149. Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0018 and CVE-2017-0037.
FIRST-EPSS: 0.128150000
NVD-IS: 5.9
NVD-ES: 1.6
CVE-2017-0149
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2017-0149. Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0018 and CVE-2017-0037.
FIRST-EPSS: 0.128150000
NVD-IS: 5.9
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2022-22536
DESCRIPTION: Exploit Observer has 18 entries related to CVE-2022-22536. SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
FIRST-EPSS: 0.957010000
NVD-IS: 6.0
NVD-ES: 3.9
CVE-2022-22536
DESCRIPTION: Exploit Observer has 18 entries related to CVE-2022-22536. SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
FIRST-EPSS: 0.957010000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2016-4171
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2016-4171. Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.
FIRST-EPSS: 0.156030000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2016-4171
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2016-4171. Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.
FIRST-EPSS: 0.156030000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2013-2423
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2013-2423. Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager.
FIRST-EPSS: 0.974920000
NVD-IS: 2.9
NVD-ES: 8.6
CVE-2013-2423
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2013-2423. Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager.
FIRST-EPSS: 0.974920000
NVD-IS: 2.9
NVD-ES: 8.6