#ExploitObserverAlert
CVE-2018-14847
DESCRIPTION: Exploit Observer has 73 entries related to CVE-2018-14847. MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
FIRST-EPSS: 0.974830000
NVD-IS: 5.2
NVD-ES: 3.9
CVE-2018-14847
DESCRIPTION: Exploit Observer has 73 entries related to CVE-2018-14847. MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
FIRST-EPSS: 0.974830000
NVD-IS: 5.2
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2009-2055
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2009-2055. Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.
FIRST-EPSS: 0.009550000
NVD-IS: 2.9
NVD-ES: 8.6
CVE-2009-2055
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2009-2055. Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.
FIRST-EPSS: 0.009550000
NVD-IS: 2.9
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2019-0859
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2019-0859. An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2019-0859
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2019-0859. An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-1498
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2021-1498. Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
FIRST-EPSS: 0.975140000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-1498
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2021-1498. Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
FIRST-EPSS: 0.975140000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-36537
DESCRIPTION: Exploit Observer has 28 entries related to CVE-2022-36537. ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.
FIRST-EPSS: 0.928620000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-36537
DESCRIPTION: Exploit Observer has 28 entries related to CVE-2022-36537. ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.
FIRST-EPSS: 0.928620000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-23119
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2022-23119. A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability.
FIRST-EPSS: 0.001930000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-23119
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2022-23119. A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability.
FIRST-EPSS: 0.001930000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-8373
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2018-8373. A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
FIRST-EPSS: 0.967480000
NVD-IS: 5.9
NVD-ES: 1.6
CVE-2018-8373
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2018-8373. A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
FIRST-EPSS: 0.967480000
NVD-IS: 5.9
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2020-5722
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2020-5722. The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17.
FIRST-EPSS: 0.974970000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-5722
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2020-5722. The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17.
FIRST-EPSS: 0.974970000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-41073
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2022-41073. Windows Print Spooler Elevation of Privilege Vulnerability
FIRST-EPSS: 0.003100000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2022-41073
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2022-41073. Windows Print Spooler Elevation of Privilege Vulnerability
FIRST-EPSS: 0.003100000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2012-0767
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2012-0767. Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.
FIRST-EPSS: 0.002780000
NVD-IS: 2.9
NVD-ES: 8.6
CVE-2012-0767
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2012-0767. Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.
FIRST-EPSS: 0.002780000
NVD-IS: 2.9
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2021-26857
DESCRIPTION: Exploit Observer has 42 entries related to CVE-2021-26857. Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
FIRST-EPSS: 0.663690000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2021-26857
DESCRIPTION: Exploit Observer has 42 entries related to CVE-2021-26857. Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
FIRST-EPSS: 0.663690000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2020-13671
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2020-13671. Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.
FIRST-EPSS: 0.012430000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2020-13671
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2020-13671. Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.
FIRST-EPSS: 0.012430000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2011-1823
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2011-1823. The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak.
FIRST-EPSS: 0.000730000
NVD-IS: 10.0
NVD-ES: 3.9
CVE-2011-1823
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2011-1823. The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak.
FIRST-EPSS: 0.000730000
NVD-IS: 10.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-1388
DESCRIPTION: Exploit Observer has 212 entries related to CVE-2022-1388. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
FIRST-EPSS: 0.973550000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-1388
DESCRIPTION: Exploit Observer has 212 entries related to CVE-2022-1388. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
FIRST-EPSS: 0.973550000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-22960
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2022-22960. VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.
FIRST-EPSS: 0.000780000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2022-22960
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2022-22960. VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.
FIRST-EPSS: 0.000780000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2019-6340
DESCRIPTION: Exploit Observer has 67 entries related to CVE-2019-6340. Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)
FIRST-EPSS: 0.974840000
NVD-IS: 5.9
NVD-ES: 2.2
CVE-2019-6340
DESCRIPTION: Exploit Observer has 67 entries related to CVE-2019-6340. Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)
FIRST-EPSS: 0.974840000
NVD-IS: 5.9
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2019-11634
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2019-11634. Citrix Workspace App before 1904 for Windows has Incorrect Access Control.
FIRST-EPSS: 0.023530000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2019-11634
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2019-11634. Citrix Workspace App before 1904 for Windows has Incorrect Access Control.
FIRST-EPSS: 0.023530000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-8759
DESCRIPTION: Exploit Observer has 118 entries related to CVE-2017-8759. Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
FIRST-EPSS: 0.970420000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2017-8759
DESCRIPTION: Exploit Observer has 118 entries related to CVE-2017-8759. Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
FIRST-EPSS: 0.970420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2017-8543
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2017-8543. Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka "Windows Search Remote Code Execution Vulnerability".
FIRST-EPSS: 0.308990000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2017-8543
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2017-8543. Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka "Windows Search Remote Code Execution Vulnerability".
FIRST-EPSS: 0.308990000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-11043
DESCRIPTION: Exploit Observer has 120 entries related to CVE-2019-11043. In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
FIRST-EPSS: 0.974690000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2019-11043
DESCRIPTION: Exploit Observer has 120 entries related to CVE-2019-11043. In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
FIRST-EPSS: 0.974690000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-0210
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2017-0210. An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Internet Explorer Elevation of Privilege Vulnerability."
FIRST-EPSS: 0.004740000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2017-0210
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2017-0210. An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Internet Explorer Elevation of Privilege Vulnerability."
FIRST-EPSS: 0.004740000
NVD-IS: 1.4
NVD-ES: 2.8