#ExploitObserverAlert
GHSA-j6jv-pgmx-6fp3
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-J6JV-PGMX-6FP3.
GHSS: 9.8
GHSA-j6jv-pgmx-6fp3
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-J6JV-PGMX-6FP3.
GHSS: 9.8
#ExploitObserverAlert
CVE-2019-20215
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2019-20215. D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters.
FIRST-EPSS: 0.945950000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2019-20215
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2019-20215. D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters.
FIRST-EPSS: 0.945950000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-48025
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-48025. Liblisp through commit 4c65969 was discovered to contain a out-of-bounds-read vulnerability in unsigned get_length(lisp_cell_t * x) at eval.c
FIRST-EPSS: 0.000840000
NVD-IS: 5.2
NVD-ES: 2.8
CVE-2023-48025
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-48025. Liblisp through commit 4c65969 was discovered to contain a out-of-bounds-read vulnerability in unsigned get_length(lisp_cell_t * x) at eval.c
FIRST-EPSS: 0.000840000
NVD-IS: 5.2
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2014-3120
DESCRIPTION: Exploit Observer has 79 entries related to CVE-2014-3120. The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.
FIRST-EPSS: 0.530130000
NVD-IS: 6.4
NVD-ES: 8.6
CVE-2014-3120
DESCRIPTION: Exploit Observer has 79 entries related to CVE-2014-3120. The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.
FIRST-EPSS: 0.530130000
NVD-IS: 6.4
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2023-49105
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-49105. An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. The earliest affected version is 10.6.0.
FIRST-EPSS: 0.000910000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-49105
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-49105. An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. The earliest affected version is 10.6.0.
FIRST-EPSS: 0.000910000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2016-3087
DESCRIPTION: Exploit Observer has 29 entries related to CVE-2016-3087. Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
FIRST-EPSS: 0.439040000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2016-3087
DESCRIPTION: Exploit Observer has 29 entries related to CVE-2016-3087. Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
FIRST-EPSS: 0.439040000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-1270
DESCRIPTION: Exploit Observer has 60 entries related to CVE-2018-1270. Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
FIRST-EPSS: 0.859620000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2018-1270
DESCRIPTION: Exploit Observer has 60 entries related to CVE-2018-1270. Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
FIRST-EPSS: 0.859620000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-6345
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-6345. Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
FIRST-EPSS: 0.002050000
NVD-IS: 6.0
NVD-ES: 2.8
CVE-2023-6345
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-6345. Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
FIRST-EPSS: 0.002050000
NVD-IS: 6.0
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2017-17485
DESCRIPTION: Exploit Observer has 60 entries related to CVE-2017-17485. FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.
FIRST-EPSS: 0.107410000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2017-17485
DESCRIPTION: Exploit Observer has 60 entries related to CVE-2017-17485. FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.
FIRST-EPSS: 0.107410000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-12616
DESCRIPTION: Exploit Observer has 28 entries related to CVE-2017-12616. When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
FIRST-EPSS: 0.936290000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2017-12616
DESCRIPTION: Exploit Observer has 28 entries related to CVE-2017-12616. When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
FIRST-EPSS: 0.936290000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-41678
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-41678. Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler
CVE-2022-41678
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-41678. Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler
#ExploitObserverAlert
CVE-2017-9791
DESCRIPTION: Exploit Observer has 49 entries related to CVE-2017-9791. The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
FIRST-EPSS: 0.974480000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2017-9791
DESCRIPTION: Exploit Observer has 49 entries related to CVE-2017-9791. The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
FIRST-EPSS: 0.974480000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-7199
DESCRIPTION: Exploit Observer has 31 entries related to CVE-2017-7199. Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2017-7199
DESCRIPTION: Exploit Observer has 31 entries related to CVE-2017-7199. Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2014-4241
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2014-4241. Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services.
FIRST-EPSS: 0.011230000
NVD-IS: 2.9
NVD-ES: 8.6
CVE-2014-4241
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2014-4241. Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services.
FIRST-EPSS: 0.011230000
NVD-IS: 2.9
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2015-3337
DESCRIPTION: Exploit Observer has 30 entries related to CVE-2015-3337. Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
FIRST-EPSS: 0.964470000
NVD-IS: 2.9
NVD-ES: 8.6
CVE-2015-3337
DESCRIPTION: Exploit Observer has 30 entries related to CVE-2015-3337. Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
FIRST-EPSS: 0.964470000
NVD-IS: 2.9
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2016-4438
DESCRIPTION: Exploit Observer has 16 entries related to CVE-2016-4438. The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.
FIRST-EPSS: 0.066830000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2016-4438
DESCRIPTION: Exploit Observer has 16 entries related to CVE-2016-4438. The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.
FIRST-EPSS: 0.066830000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-5638
DESCRIPTION: Exploit Observer has 343 entries related to CVE-2017-5638. The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a
CVE-2017-5638
DESCRIPTION: Exploit Observer has 343 entries related to CVE-2017-5638. The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a
#ExploitObserverAlert
CVE-2014-4242
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2014-4242. Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Console.
FIRST-EPSS: 0.004280000
NVD-IS: 2.9
NVD-ES: 8.6
CVE-2014-4242
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2014-4242. Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Console.
FIRST-EPSS: 0.004280000
NVD-IS: 2.9
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2018-1297
DESCRIPTION: Exploit Observer has 24 entries related to CVE-2018-1297. When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.
FIRST-EPSS: 0.003910000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2018-1297
DESCRIPTION: Exploit Observer has 24 entries related to CVE-2018-1297. When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.
FIRST-EPSS: 0.003910000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-12149
DESCRIPTION: Exploit Observer has 97 entries related to CVE-2017-12149. In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.
FIRST-EPSS: 0.971900000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2017-12149
DESCRIPTION: Exploit Observer has 97 entries related to CVE-2017-12149. In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.
FIRST-EPSS: 0.971900000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-15982
DESCRIPTION: Exploit Observer has 43 entries related to CVE-2018-15982. Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
FIRST-EPSS: 0.974200000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2018-15982
DESCRIPTION: Exploit Observer has 43 entries related to CVE-2018-15982. Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
FIRST-EPSS: 0.974200000
NVD-IS: 5.9
NVD-ES: 3.9