#ExploitObserverAlert
CVE-2023-36802
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2023-36802. Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000540000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-36802
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2023-36802. Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000540000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-27522
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2023-27522. HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.
Special characters in the origin response header can truncate/split the response forwarded to the client.
FIRST-EPSS: 0.005500000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-27522
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2023-27522. HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.
Special characters in the origin response header can truncate/split the response forwarded to the client.
FIRST-EPSS: 0.005500000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-25690
DESCRIPTION: Exploit Observer has 65 entries related to CVE-2023-25690. Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.
Configurations are affected when mod_proxy is enabled along with some form of RewriteRule
or ProxyPassMatch in which a non-specific pattern matches
some portion of the user-supplied request-target (URL) data and is then
re-inserted into the proxied request-target using variable
substitution. For example, something like:
RewriteEngine on
RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P]
ProxyPassReverse /here/ http://example.com:8080/
Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
FIRST-EPSS: 0.032570000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-25690
DESCRIPTION: Exploit Observer has 65 entries related to CVE-2023-25690. Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.
Configurations are affected when mod_proxy is enabled along with some form of RewriteRule
or ProxyPassMatch in which a non-specific pattern matches
some portion of the user-supplied request-target (URL) data and is then
re-inserted into the proxied request-target using variable
substitution. For example, something like:
RewriteEngine on
RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P]
ProxyPassReverse /here/ http://example.com:8080/
Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
FIRST-EPSS: 0.032570000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2012-4001
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2012-4001. The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
FIRST-EPSS: 0.001140000
NVD-IS: 2.9
NVD-ES: 10.0
CVE-2012-4001
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2012-4001. The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
FIRST-EPSS: 0.001140000
NVD-IS: 2.9
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2022-29464
DESCRIPTION: Exploit Observer has 92 entries related to CVE-2022-29464. Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0.
FIRST-EPSS: 0.973460000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-29464
DESCRIPTION: Exploit Observer has 92 entries related to CVE-2022-29464. Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0.
FIRST-EPSS: 0.973460000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-22965
DESCRIPTION: Exploit Observer has 359 entries related to CVE-2022-22965. A Spring MVC or Spring WebFlux application running on JDK 9 may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
FIRST-EPSS: 0.975020000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-22965
DESCRIPTION: Exploit Observer has 359 entries related to CVE-2022-22965. A Spring MVC or Spring WebFlux application running on JDK 9 may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
FIRST-EPSS: 0.975020000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-37454
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2022-37454. The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
FIRST-EPSS: 0.010430000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-37454
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2022-37454. The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
FIRST-EPSS: 0.010430000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-27344
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-27344. The cm-download-manager plugin before 2.8.0 for WordPress allows XSS.
FIRST-EPSS: 0.000760000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2020-27344
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-27344. The cm-download-manager plugin before 2.8.0 for WordPress allows XSS.
FIRST-EPSS: 0.000760000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-0796
DESCRIPTION: Exploit Observer has 357 entries related to CVE-2020-0796. A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
FIRST-EPSS: 0.974840000
NVD-IS: 6.0
NVD-ES: 3.9
CVE-2020-0796
DESCRIPTION: Exploit Observer has 357 entries related to CVE-2020-0796. A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
FIRST-EPSS: 0.974840000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-30076
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2022-30076. ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting.
FIRST-EPSS: 0.000540000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2022-30076
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2022-30076. ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting.
FIRST-EPSS: 0.000540000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-38433
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-38433. Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L061, IP-900D / IP-900?D / IP-920D firmware versions V01L001 to V02L061, IP-90 firmware versions V01L001 to V01L013, and IP-9610 firmware versions V01L001 to V02L007.
FIRST-EPSS: 0.004380000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-38433
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-38433. Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L061, IP-900D / IP-900?D / IP-920D firmware versions V01L001 to V02L061, IP-90 firmware versions V01L001 to V01L013, and IP-9610 firmware versions V01L001 to V02L007.
FIRST-EPSS: 0.004380000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-28252
DESCRIPTION: Exploit Observer has 20 entries related to CVE-2023-28252. Windows Common Log File System Driver Elevation of Privilege Vulnerability
FIRST-EPSS: 0.018150000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-28252
DESCRIPTION: Exploit Observer has 20 entries related to CVE-2023-28252. Windows Common Log File System Driver Elevation of Privilege Vulnerability
FIRST-EPSS: 0.018150000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2022-41973
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2022-41973. multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
FIRST-EPSS: 0.000460000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2022-41973
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2022-41973. multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
FIRST-EPSS: 0.000460000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-32254
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-32254. A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.
FIRST-EPSS: 0.002170000
NVD-IS: 5.9
NVD-ES: 2.2
CVE-2023-32254
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-32254. A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.
FIRST-EPSS: 0.002170000
NVD-IS: 5.9
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2023-20198
DESCRIPTION: Exploit Observer has 153 entries related to CVE-2023-20198. Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.
For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory
Cisco will provide updates on the status of this investigation and when a software patch is available.
FIRST-EPSS: 0.925950000
NVD-IS: 6.0
NVD-ES: 3.9
CVE-2023-20198
DESCRIPTION: Exploit Observer has 153 entries related to CVE-2023-20198. Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.
For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory
Cisco will provide updates on the status of this investigation and when a software patch is available.
FIRST-EPSS: 0.925950000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-38354
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-38354. The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gm_error parameter found in the ~/includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6.
FIRST-EPSS: 0.000680000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2021-38354
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-38354. The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gm_error parameter found in the ~/includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6.
FIRST-EPSS: 0.000680000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-47966
DESCRIPTION: Exploit Observer has 45 entries related to CVE-2022-47966. Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).
FIRST-EPSS: 0.970510000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-47966
DESCRIPTION: Exploit Observer has 45 entries related to CVE-2022-47966. Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).
FIRST-EPSS: 0.970510000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-3482
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-3482. An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only
FIRST-EPSS: 0.000520000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2022-3482
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-3482. An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only
FIRST-EPSS: 0.000520000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-4236
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-4236. The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server.
FIRST-EPSS: 0.000490000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2022-4236
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-4236. The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server.
FIRST-EPSS: 0.000490000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-35349
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-35349. Microsoft Message Queuing Remote Code Execution Vulnerability
FIRST-EPSS: 0.008000000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-35349
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-35349. Microsoft Message Queuing Remote Code Execution Vulnerability
FIRST-EPSS: 0.008000000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-38334
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-38334. The WP Design Maps
CVE-2021-38334
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-38334. The WP Design Maps