#ExploitObserverAlert
CVE-2002-1120
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2002-1120. Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
FIRST-EPSS: 0.204310000
NVD-IS: 6.4
NVD-ES: 10.0
CVE-2002-1120
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2002-1120. Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
FIRST-EPSS: 0.204310000
NVD-IS: 6.4
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2008-3431
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2008-3431. The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.
FIRST-EPSS: 0.000430000
NVD-IS: 10.0
NVD-ES: 3.9
CVE-2008-3431
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2008-3431. The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.
FIRST-EPSS: 0.000430000
NVD-IS: 10.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-8467
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-8467. A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.
FIRST-EPSS: 0.019710000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2020-8467
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-8467. A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.
FIRST-EPSS: 0.019710000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2009-0557
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2009-0557. Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Object Record Corruption Vulnerability."
FIRST-EPSS: 0.970310000
NVD-IS: 10.0
NVD-ES: 8.6
CVE-2009-0557
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2009-0557. Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Object Record Corruption Vulnerability."
FIRST-EPSS: 0.970310000
NVD-IS: 10.0
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2016-0984
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2016-0984. Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK
CVE-2016-0984
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2016-0984. Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK
#ExploitObserverAlert
CVE-2011-2462
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2011-2462. Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
FIRST-EPSS: 0.971880000
NVD-IS: 10.0
NVD-ES: 10.0
CVE-2011-2462
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2011-2462. Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
FIRST-EPSS: 0.971880000
NVD-IS: 10.0
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2015-2424
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2015-2424. Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
FIRST-EPSS: 0.610670000
NVD-IS: 10.0
NVD-ES: 8.6
CVE-2015-2424
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2015-2424. Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
FIRST-EPSS: 0.610670000
NVD-IS: 10.0
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2014-0546
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2014-0546. Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via unspecified vectors.
FIRST-EPSS: 0.012630000
NVD-IS: 10.0
NVD-ES: 10.0
CVE-2014-0546
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2014-0546. Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via unspecified vectors.
FIRST-EPSS: 0.012630000
NVD-IS: 10.0
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2017-12234
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2017-12234. Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc43709.
FIRST-EPSS: 0.003030000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2017-12234
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2017-12234. Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc43709.
FIRST-EPSS: 0.003030000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2010-1871
DESCRIPTION: Exploit Observer has 22 entries related to CVE-2010-1871. JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.
FIRST-EPSS: 0.967740000
NVD-IS: 6.4
NVD-ES: 8.6
CVE-2010-1871
DESCRIPTION: Exploit Observer has 22 entries related to CVE-2010-1871. JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.
FIRST-EPSS: 0.967740000
NVD-IS: 6.4
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2023-23376
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-23376. Windows Common Log File System Driver Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000600000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-23376
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-23376. Windows Common Log File System Driver Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000600000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2016-3715
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2016-3715. The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
FIRST-EPSS: 0.971270000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2016-3715
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2016-3715. The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
FIRST-EPSS: 0.971270000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2017-11357
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2017-11357. Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
FIRST-EPSS: 0.653970000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2017-11357
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2017-11357. Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
FIRST-EPSS: 0.653970000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-25370
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-25370. An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.
FIRST-EPSS: 0.002000000
NVD-IS: 3.6
NVD-ES: 0.8
CVE-2021-25370
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-25370. An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.
FIRST-EPSS: 0.002000000
NVD-IS: 3.6
NVD-ES: 0.8
#ExploitObserverAlert
CVE-2021-3129
DESCRIPTION: Exploit Observer has 104 entries related to CVE-2021-3129. Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
FIRST-EPSS: 0.974880000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-3129
DESCRIPTION: Exploit Observer has 104 entries related to CVE-2021-3129. Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
FIRST-EPSS: 0.974880000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-34523
DESCRIPTION: Exploit Observer has 37 entries related to CVE-2021-34523. Microsoft Exchange Server Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33768, CVE-2021-34470.
FIRST-EPSS: 0.972790000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-34523
DESCRIPTION: Exploit Observer has 37 entries related to CVE-2021-34523. Microsoft Exchange Server Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33768, CVE-2021-34470.
FIRST-EPSS: 0.972790000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-14847
DESCRIPTION: Exploit Observer has 73 entries related to CVE-2018-14847. MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
FIRST-EPSS: 0.974830000
NVD-IS: 5.2
NVD-ES: 3.9
CVE-2018-14847
DESCRIPTION: Exploit Observer has 73 entries related to CVE-2018-14847. MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
FIRST-EPSS: 0.974830000
NVD-IS: 5.2
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2009-2055
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2009-2055. Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.
FIRST-EPSS: 0.009550000
NVD-IS: 2.9
NVD-ES: 8.6
CVE-2009-2055
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2009-2055. Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.
FIRST-EPSS: 0.009550000
NVD-IS: 2.9
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2019-0859
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2019-0859. An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2019-0859
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2019-0859. An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-1498
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2021-1498. Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
FIRST-EPSS: 0.975140000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-1498
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2021-1498. Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
FIRST-EPSS: 0.975140000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-36537
DESCRIPTION: Exploit Observer has 28 entries related to CVE-2022-36537. ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.
FIRST-EPSS: 0.928620000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-36537
DESCRIPTION: Exploit Observer has 28 entries related to CVE-2022-36537. ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.
FIRST-EPSS: 0.928620000
NVD-IS: 3.6
NVD-ES: 3.9