#ExploitObserverAlert
CVE-2022-4476
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2022-4476. The Download Manager WordPress plugin before 3.2.62 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks against logged-in admins.
FIRST-EPSS: 0.000940000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2020-13338
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-13338. An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2. A stored cross-site scripting vulnerability was discovered when editing references.
FIRST-EPSS: 0.000530000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2020-27350
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2020-27350. APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 and GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1.
FIRST-EPSS: 0.000480000
NVD-IS: 3.7
NVD-ES: 1.5
#ExploitObserverAlert
CVE-2021-3129
DESCRIPTION: Exploit Observer has 104 entries related to CVE-2021-3129. Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
FIRST-EPSS: 0.974880000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-20198
DESCRIPTION: Exploit Observer has 170 entries related to CVE-2023-20198. Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.
FIRST-EPSS: 0.890740000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-1938
DESCRIPTION: Exploit Observer has 242 entries related to CVE-2020-1938. When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: (1) returning arbitrary files from anywhere in the web application; (2) processing any file in the web application as a JSP. Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
FIRST-EPSS: 0.974830000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-41903
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2022-41903. Git is a distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is an integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through `git archive` via the `export-subst` mechanism, which expands format specifiers inside of files within the repository during a `git archive`. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose `git archive` via `git daemon`, disable it by running `git config --global daemon.uploadArch false`.
FIRST-EPSS: 0.001170000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-4549
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-4549. The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form.
FIRST-EPSS: 0.000460000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-4059
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-4059. The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
FIRST-EPSS: 0.013640000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-4917
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-4917. The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leyka_ajax_get_env_and_options' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including the Sberbank API key and password, the PayPal Client Secret, and other keys and passwords.
FIRST-EPSS: 0.000490000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-26352
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2022-26352. An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous content creation is enabled, this allows an unauthenticated attacker to upload an executable file, such as a .jsp file, that can lead to remote code execution.
FIRST-EPSS: 0.974840000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-39345
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-39345. The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.1.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
FIRST-EPSS: 0.000620000
NVD-IS: 2.7
NVD-ES: 1.7
#ExploitObserverAlert
CVE-2020-1045
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2020-1045. A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings, which could allow a malicious attacker to set a second cookie with the name being percent-encoded. The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names, aka 'Microsoft ASP.NET Core Security Feature Bypass Vulnerability'.
FIRST-EPSS: 0.002430000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-1996
DESCRIPTION: Exploit Observer has 27 entries related to CVE-2022-1996. Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.
FIRST-EPSS: 0.002450000
NVD-IS: 5.2
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-40674
DESCRIPTION: Exploit Observer has 28 entries related to CVE-2022-40674. libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
FIRST-EPSS: 0.004320000
NVD-IS: 5.9
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2022-44667
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2022-44667. Windows Media Remote Code Execution Vulnerability.
FIRST-EPSS: 0.001250000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-1234
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-1234. Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
FIRST-EPSS: 0.000590000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2015-5714
DESCRIPTION: Exploit Observer has 41 entries related to CVE-2015-5714. Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.
FIRST-EPSS: 0.167530000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-1939
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2022-1939. The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high-privilege users such as admins to upload PHP files even when they are not allowed to.
FIRST-EPSS: 0.000860000
NVD-IS: 5.9
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2017-6817
DESCRIPTION: Exploit Observer has 43 entries related to CVE-2017-6817. In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.
FIRST-EPSS: 0.000900000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2022-41352
DESCRIPTION: Exploit Observer has 20 entries related to CVE-2022-41352. An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.
FIRST-EPSS: 0.957590000
NVD-IS: 5.9
NVD-ES: 3.9