#ExploitObserverAlert
CVE-2023-2774
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2774. A vulnerability was found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file view_branch.php. The manipulation of the argument branchid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229280.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-23932
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-23932. OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This issue has been patched in version 3.23.1.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-2775
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2775. A vulnerability was found in code-projects Bus Dispatch and Information System 1.0. It has been classified as critical. This affects an unknown part of the file adminHome.php. The manipulation of the argument reach_city leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229281 was assigned to this vulnerability.
FIRST-EPSS: 0.000610000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-30399
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-30399. Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers to redirect users to a crafted update package link via a man-in-the-middle attack.
FIRST-EPSS: 0.000620000
NVD-IS: 5.9
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2023-2951
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2951. A vulnerability classified as critical has been found in code-projects Bus Dispatch and Information System 1.0. Affected is an unknown function of the file delete_bus.php. The manipulation of the argument busid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230112.
FIRST-EPSS: 0.000670000
NVD-IS: 5.2
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-26246
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-26246. An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check. This indirectly allows an attacker to install custom firmware in the IVI system.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-38633
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-38633. A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.
FIRST-EPSS: 0.002740000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-2095
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2095. A vulnerability was found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_category.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226103.
FIRST-EPSS: 0.000780000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-24626
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-24626. socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
FIRST-EPSS: 0.000620000
NVD-IS: 4.0
NVD-ES: 2.0
#ExploitObserverAlert
CVE-2022-42430
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-42430. This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the wowlan_config data structure. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-17543.
FIRST-EPSS: 0.000650000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2022-3093
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-3093. This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ice_updater update mechanism. The issue results from the lack of proper validation of user-supplied firmware. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17463.
FIRST-EPSS: 0.000520000
NVD-IS: 5.9
NVD-ES: 0.5
#ExploitObserverAlert
CVE-2023-24329
DESCRIPTION: Exploit Observer has 25 entries related to CVE-2023-24329. An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
FIRST-EPSS: 0.000700000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-26244
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-26244. An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml files, which are used during the firmware installation process. This indirectly allows an attacker to use a custom version of AppUpgrade and .lge.upgrade.xml files.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2020-8203
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2020-8203. Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
FIRST-EPSS: 0.010360000
NVD-IS: 5.2
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2023-2099
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2099. A vulnerability classified as problematic has been found in SourceCodester Vehicle Service Management System 1.0. This affects an unknown part of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226107.
FIRST-EPSS: 0.000520000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-3737
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2021-3737. A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
FIRST-EPSS: 0.015590000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-25032
DESCRIPTION: Exploit Observer has 64 entries related to CVE-2018-25032. zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
FIRST-EPSS: 0.002780000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2000-1094
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2000-1094. Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument.
FIRST-EPSS: 0.027150000
NVD-IS: 6.4
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2023-26245
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-26245. An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the version check in order to install any firmware version (e.g., newer, older, or customized). This indirectly allows an attacker to install custom firmware in the IVI system.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2019-10744
DESCRIPTION: Exploit Observer has 29 entries related to CVE-2019-10744. Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
FIRST-EPSS: 0.021570000
NVD-IS: 5.2
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2008-4844
DESCRIPTION: Exploit Observer has 22 entries related to CVE-2008-4844. Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
FIRST-EPSS: 0.972770000
NVD-IS: 10.0
NVD-ES: 8.6