#ExploitObserverAlert
CVE-2015-6420
DESCRIPTION: Exploit Observer has 18 entries related to CVE-2015-6420. Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
FIRST-EPSS: 0.008800000
NVD-IS: 6.4
NVD-ES: 10.0
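Added example, not Exploit Observer tooling: every entry on this page uses the same six-line record (tag, CVE id, DESCRIPTION carrying the exploit-entry count, FIRST-EPSS, NVD-IS, NVD-ES), so the feed can be parsed and ranked for triage. FEED below quotes five of the entries from this page with each description cut after its first sentence. What it surfaces is that the scores disagree: CVE-2015-1328 has the most exploit entries on the page yet an EPSS near zero, and CVE-2011-2523 has an EPSS of 0.88 against an NVD exploitability sub-score of 3.9, so a patch queue should read EPSS, the NVD sub-scores and the exploit count together rather than any one alone. The thresholds are assumptions to tune.

```python
"""Parse #ExploitObserverAlert records and rank them for patch triage.

Added example; not Exploit Observer code. FEED quotes entries from this page,
descriptions cut after their first sentence. Thresholds are assumptions.
"""
import re
from dataclasses import dataclass


@dataclass
class Alert:
    cve: str
    exploit_entries: int        # "Exploit Observer has N entries related to ..."
    epss: float                 # FIRST-EPSS: FIRST's probability of exploitation activity in the next 30 days
    nvd_impact: float           # NVD-IS
    nvd_exploitability: float   # NVD-ES


ENTRY_COUNT = re.compile(r"Exploit Observer has (\d+) entr(?:y|ies) related to")
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")


def _build(fields):
    return Alert(fields["cve"], fields.get("entries", 0),
                 fields["FIRST-EPSS"], fields["NVD-IS"], fields["NVD-ES"])


def parse_feed(text):
    """One Alert per #ExploitObserverAlert record."""
    alerts, cur = [], {}
    for raw in text.strip().splitlines():
        line = raw.strip()
        if line == "#ExploitObserverAlert":
            if cur:
                alerts.append(_build(cur))
            cur = {}
        elif CVE_ID.fullmatch(line):
            cur["cve"] = line
        elif line.startswith("DESCRIPTION:"):
            m = ENTRY_COUNT.search(line)
            cur["entries"] = int(m.group(1)) if m else 0
        elif ":" in line:                      # FIRST-EPSS / NVD-IS / NVD-ES
            key, _, value = line.partition(":")
            cur[key.strip()] = float(value)
    if cur:
        alerts.append(_build(cur))
    return alerts


def triage(alerts, epss_cut=0.10, entries_cut=50):
    """Patch queue: high EPSS, or many public exploits even when EPSS is low.
    Ordered by EPSS, then by exploit count (assumed thresholds)."""
    picked = [a for a in alerts if a.epss >= epss_cut or a.exploit_entries >= entries_cut]
    return sorted(picked, key=lambda a: (a.epss, a.exploit_entries), reverse=True)


def disagreements(alerts, epss_cut=0.05, es_cut=8.0):
    """Entries where NVD-ES and FIRST-EPSS point in opposite directions."""
    return [a for a in alerts if (a.nvd_exploitability >= es_cut) != (a.epss >= epss_cut)]


# Five records from this page, descriptions shortened to their first sentence.
FEED = """
#ExploitObserverAlert
CVE-2015-1635
DESCRIPTION: Exploit Observer has 53 entries related to CVE-2015-1635.
FIRST-EPSS: 0.975590000
NVD-IS: 10.0
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2011-2523
DESCRIPTION: Exploit Observer has 58 entries related to CVE-2011-2523.
FIRST-EPSS: 0.883420000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2015-1328
DESCRIPTION: Exploit Observer has 92 entries related to CVE-2015-1328.
FIRST-EPSS: 0.000620000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2012-3414
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2012-3414.
FIRST-EPSS: 0.034160000
NVD-IS: 2.9
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2022-2299
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2022-2299.
FIRST-EPSS: 0.000560000
NVD-IS: 2.7
NVD-ES: 2.3
"""

if __name__ == "__main__":
    alerts = parse_feed(FEED)
    for a in triage(alerts):
        print(f"patch: {a.cve}  epss={a.epss:.4f}  exploits={a.exploit_entries}  nvd-es={a.nvd_exploitability}")
    for a in disagreements(alerts):
        print(f"scores disagree: {a.cve}  epss={a.epss:.4f}  nvd-es={a.nvd_exploitability}")
```

With the thresholds above, CVE-2015-1328 enters the queue only because of its exploit count; an EPSS-only queue would drop it, and an NVD-ES-only queue would drop CVE-2011-2523 while promoting CVE-2012-3414.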
#ExploitObserverAlert
CVE-2019-9053
DESCRIPTION: Exploit Observer has 50 entries related to CVE-2019-9053. An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
FIRST-EPSS: 0.016140000
NVD-IS: 5.9
NVD-ES: 2.2
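Added example, not Exploit Observer or CMS Made Simple code: the entry names the injection point (the News module's m1_idlist parameter) and the technique (unauthenticated blind, time-based), which is enough to write a log-side detector. The script pulls m1_idlist out of combined-format access-log request lines, URL-decodes it twice so double-encoded payloads are not missed, and flags time-delay primitives. The log lines, the CMSMS request path and the mact value are constructed, and the delay-function list is an illustrative blocklist rather than a complete signature for CVE-2019-9053.

```python
"""Flag time-based blind SQL injection attempts against the CMS Made Simple
News module's m1_idlist parameter in web-server access logs.

Added example; not Exploit Observer or CMS Made Simple code. Log lines are
constructed; the request path and mact value are assumptions.
"""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Time-delay primitives used for blind time-based injection (MySQL, PostgreSQL,
# MSSQL). Illustrative blocklist, matched after URL decoding.
TIME_DELAY = re.compile(
    r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.IGNORECASE
)
# Request field of a combined-format access log: "METHOD target HTTP/x.y"
REQUEST_FIELD = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def m1_idlist_values(log_line):
    """Decoded m1_idlist values from one access-log line ([] if absent)."""
    m = REQUEST_FIELD.search(log_line)
    if not m:
        return []
    query = urlsplit(m.group("target")).query
    values = parse_qs(query, keep_blank_values=True).get("m1_idlist", [])
    # parse_qs decodes once; decode again so double-encoded payloads are caught.
    return [unquote_plus(v) for v in values]


def is_time_based_sqli(value):
    return TIME_DELAY.search(value) is not None


def scan(log_lines):
    """(line number, decoded payload) for every suspicious m1_idlist value."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        hits.extend((n, v) for v in m1_idlist_values(line) if is_time_based_sqli(v))
    return hits


# Constructed log lines. Line 3 is double URL-encoded; line 4 has "sleep" in an
# unrelated parameter and must not be flagged.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2019:10:01:02 +0000] "GET /cms/moduleinterface.php?mact=News,m1_,default,0&m1_idlist=1 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [12/Mar/2019:10:01:09 +0000] "GET /cms/moduleinterface.php?mact=News,m1_,default,0&m1_idlist=a%2Cb%2C1%2Cc%20AND%20SLEEP(5) HTTP/1.1" 200 5133',
    '10.0.0.9 - - [12/Mar/2019:10:01:15 +0000] "GET /cms/moduleinterface.php?mact=News,m1_,default,0&m1_idlist=1)%2520AND%2520BENCHMARK(5000000,MD5(1))--%2520 HTTP/1.1" 200 5133',
    '10.0.0.7 - - [12/Mar/2019:10:02:00 +0000] "GET /cms/index.php?page=sleep-hygiene&m1_idlist=2,3 HTTP/1.1" 200 4100',
]

if __name__ == "__main__":
    for n, payload in scan(SAMPLE_LOG):
        print(f"line {n}: {payload!r}")
```

Because the injection is blind and time-based, the server side offers a second signal: 200 responses on that endpoint with an unusually long service time. Pair the pattern match with Apache's %D or nginx's $request_time field where the logs carry it.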
#ExploitObserverAlert
CVE-2016-3510
DESCRIPTION: Exploit Observer has 86 entries related to CVE-2016-3510. Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586.
FIRST-EPSS: 0.034040000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2011-2523
DESCRIPTION: Exploit Observer has 58 entries related to CVE-2011-2523. vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
FIRST-EPSS: 0.883420000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-1003002
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2019-1003002. A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
FIRST-EPSS: 0.796510000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2012-3414
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2012-3414. Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
FIRST-EPSS: 0.034160000
NVD-IS: 2.9
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2015-1635
DESCRIPTION: Exploit Observer has 53 entries related to CVE-2015-1635. HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
FIRST-EPSS: 0.975590000
NVD-IS: 10.0
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2022-2299
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2022-2299. The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
FIRST-EPSS: 0.000560000
NVD-IS: 2.7
NVD-ES: 2.3
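Added example, not code from the Allow SVG Files plugin or from WordPress: the sanitisation step the entry says is missing. SVG is XML, so the checker parses the upload and rejects script-capable content: script-like elements, on* event-handler attributes and javascript:/data: hrefs. Both sample documents are constructed, the element list is a restrictive example rather than a complete policy, and production code should parse untrusted XML with defusedxml and additionally serve uploads under a Content-Security-Policy or as a download.

```python
"""Reject uploaded SVG files that carry script-capable content.

Added example illustrating the check behind CVE-2022-2299; not plugin or
WordPress code. Sample documents are constructed. Use defusedxml for
untrusted XML in production.
"""
import xml.etree.ElementTree as ET

# Elements that execute script or embed active/foreign content. Restrictive
# example list; an allowlist of permitted SVG elements is the stronger model.
FORBIDDEN_TAGS = {"script", "foreignobject", "iframe", "embed", "object", "set", "animate"}
SCRIPT_SCHEMES = ("javascript:", "data:", "vbscript:")


def local_name(qname):
    """'{namespace}tag' -> 'tag', lower-cased for comparison."""
    return qname.rsplit("}", 1)[-1].lower()


def svg_findings(data):
    """Reasons to reject the upload; an empty list means nothing was found."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"malformed XML: {exc}"]
    findings = []
    if local_name(root.tag) != "svg":
        findings.append(f"root element is <{local_name(root.tag)}>, not <svg>")
    for el in root.iter():
        tag = local_name(el.tag)
        if tag in FORBIDDEN_TAGS:
            findings.append(f"forbidden element <{tag}>")
        for attr, value in el.attrib.items():
            name = local_name(attr)           # handles xlink:href as well as href
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            elif name == "href" and value.strip().lower().startswith(SCRIPT_SCHEMES):
                findings.append(f"script-capable href on <{tag}>")
    return findings


def is_safe_svg(data):
    return not svg_findings(data)


# Constructed samples: a plain icon and an upload carrying three XSS vectors.
CLEAN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
             b'<circle cx="5" cy="5" r="4" fill="#09f"/></svg>')
MALICIOUS_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" '
                 b'xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(document.domain)">'
                 b'<script>alert(1)</script>'
                 b'<a xlink:href="javascript:alert(2)"><text y="10">click</text></a></svg>')

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN_SVG), ("malicious", MALICIOUS_SVG)):
        print(label, "->", svg_findings(doc) or "accepted")
```

Rejecting data: hrefs also blocks embedded raster images inside otherwise legitimate SVGs; if those are needed, allow data:image/png and data:image/jpeg explicitly rather than the whole scheme.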
#ExploitObserverAlert
CVE-2016-0792
DESCRIPTION: Exploit Observer has 56 entries related to CVE-2016-0792. Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.
FIRST-EPSS: 0.973140000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2019-1003030
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2019-1003030. A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.
FIRST-EPSS: 0.006590000
NVD-IS: 6.0
NVD-ES: 3.1
#ExploitObserverAlert
CVE-2021-1766
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-1766. This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service.
FIRST-EPSS: 0.000640000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2015-6854
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2015-6854. The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.
FIRST-EPSS: 0.004830000
NVD-IS: 5.2
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-1212
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2018-1212. The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system.
FIRST-EPSS: 0.001100000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2019-1003000
DESCRIPTION: Exploit Observer has 36 entries related to CVE-2019-1003000. A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.
FIRST-EPSS: 0.836470000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2015-1328
DESCRIPTION: Exploit Observer has 92 entries related to CVE-2015-1328. The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
FIRST-EPSS: 0.000620000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-27905
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-27905. Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting.
FIRST-EPSS: 0.000910000
NVD-IS: 6.0
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2016-5065
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2016-5065. Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.
FIRST-EPSS: 0.012010000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2015-6033
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2015-6033. Qolsys IQ Panel (aka QOL) before 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle attackers to bypass intended access restrictions via a modified update.
FIRST-EPSS: 0.001110000
NVD-IS: 10.0
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2016-1291
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2016-1291. Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.
FIRST-EPSS: 0.162760000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2015-8103
DESCRIPTION: Exploit Observer has 66 entries related to CVE-2015-8103. The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".
FIRST-EPSS: 0.393800000
NVD-IS: 6.4
NVD-ES: 10.0
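Added example, not Cisco, Jenkins or ysoserial code, covering CVE-2015-6420, CVE-2016-1291 and CVE-2015-8103 together since all three are reached by a crafted serialized Java object: an inspector for request bodies or CLI frames that recognises the Java serialization stream header (0xACED0005, which becomes "rO0AB" once base64-encoded), unwraps gzip and base64, and looks for class names from the Apache Commons Collections and Groovy gadget chains the entries reference. The class list is indicative, not exhaustive, and the sample payloads are constructed stubs consisting of a stream header and a class name only; they are not working gadget chains. A detector like this is a monitoring control; the fix is the vendor patch and, in code you own, an ObjectInputFilter allowlist or not deserializing untrusted input at all.

```python
"""Flag Java serialized-object payloads that reference known gadget classes.

Added example; not Cisco, Jenkins or ysoserial code. The class list is an
indicative blocklist and the sample payloads are constructed stubs.
"""
import base64
import binascii
import gzip
import re

JAVA_STREAM_MAGIC = b"\xac\xed\x00\x05"   # STREAM_MAGIC 0xACED + STREAM_VERSION 5
GZIP_MAGIC = b"\x1f\x8b"

# Class names tied to the Apache Commons Collections and Groovy gadget chains
# the entries mention. Indicative only; not the full set of dangerous classes.
GADGET_CLASSES = [
    b"org.apache.commons.collections.functors.InvokerTransformer",
    b"org.apache.commons.collections.functors.ChainedTransformer",
    b"org.apache.commons.collections4.functors.InvokerTransformer",
    b"org.codehaus.groovy.runtime.ConvertedClosure",
    b"org.codehaus.groovy.runtime.MethodClosure",
]


def _decoded_variants(data):
    """The blob itself, plus gzip- and base64-wrapped Java streams inside it."""
    yield data
    if data.startswith(GZIP_MAGIC):
        try:
            yield gzip.decompress(data)
        except (OSError, EOFError):
            pass
    # base64 of 0xACED0005 always begins "rO0AB"; pad to a multiple of 4 before decoding.
    for m in re.finditer(rb"rO0AB[A-Za-z0-9+/]+=*", data):
        token = m.group(0)
        try:
            yield base64.b64decode(token + b"=" * (-len(token) % 4))
        except (binascii.Error, ValueError):
            pass


def classify_blob(data):
    """{'java_serialized', 'gadget_classes', 'verdict'} for one request body."""
    java = False
    hits = set()
    for blob in _decoded_variants(data):
        if JAVA_STREAM_MAGIC in blob:
            java = True
        hits.update(c.decode() for c in GADGET_CLASSES if c in blob)
    if hits:
        verdict = "block"      # known gadget class inside a serialized stream
    elif java:
        verdict = "review"     # serialized Java object where none is expected
    else:
        verdict = "allow"
    return {"java_serialized": java, "gadget_classes": sorted(hits), "verdict": verdict}


def fake_stream(class_name):
    """Constructed stand-in: header, TC_OBJECT, TC_CLASSDESC, class name, padding.
    Not a working gadget chain; it will not deserialize."""
    name = class_name.encode()
    return JAVA_STREAM_MAGIC + b"\x73\x72" + len(name).to_bytes(2, "big") + name + b"\x00" * 8


# Constructed samples in the shapes an interface might receive them.
SAMPLES = {
    "acc_plain": fake_stream("org.apache.commons.collections.functors.InvokerTransformer"),
    "groovy_base64": b"payload=" + base64.b64encode(fake_stream("org.codehaus.groovy.runtime.MethodClosure")),
    "groovy_gzip": gzip.compress(fake_stream("org.codehaus.groovy.runtime.ConvertedClosure")),
    "unknown_object": fake_stream("com.example.Harmless"),
    "json": b'{"name": "alice"}',
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(f"{label:15s} {classify_blob(blob)}")
```

The "review" verdict matters as much as "block": an interface that should never receive a serialized Java object at all (an HTTP POST body, as in CVE-2016-1291) is anomalous the moment the header appears, whatever classes follow.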
#ExploitObserverAlert
CVE-2016-4464
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2016-4464. The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature.
FIRST-EPSS: 0.020320000
NVD-IS: 5.9
NVD-ES: 3.9
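Added example, not Apache CXF Fediz code: the AudienceRestriction check the entry says the application plugins skipped, shown as the pre-fix acceptance logic beside a fixed version. The relying party's configured audience URIs and the assertion are constructed, the assertion is unsigned, and signature verification is assumed to have already passed, which is exactly the precondition in the CVE (a validly signed token that the IdP issued for some other relying party).

```python
"""Enforce SAML AudienceRestriction against configured audience URIs.

Added example illustrating the check described by CVE-2016-4464; not Apache
CXF Fediz code. Assertions are constructed and unsigned; signature
verification is assumed to have happened before this check runs.
"""
import xml.etree.ElementTree as ET

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
RESTRICTION = f".//{{{SAML2}}}Conditions/{{{SAML2}}}AudienceRestriction"
AUDIENCE = f"{{{SAML2}}}Audience"


def accept_vulnerable(assertion_xml, configured_audiences):
    """Pre-fix behaviour the entry describes: a trusted signature is enough, so a
    token the same IdP issued for any other relying party is accepted here."""
    return True


def accept_fixed(assertion_xml, configured_audiences):
    """Accept only if every AudienceRestriction names at least one configured URI
    (SAML semantics: OR within a restriction, AND across restrictions).
    URIs are compared exactly after whitespace stripping; prefix or
    case-insensitive matching would widen what an attacker can satisfy."""
    root = ET.fromstring(assertion_xml)
    restrictions = root.findall(RESTRICTION)
    if not restrictions:
        return False                 # this relying party always expects an audience
    configured = {u.strip() for u in configured_audiences}
    for restriction in restrictions:
        audiences = {(a.text or "").strip() for a in restriction.findall(AUDIENCE)}
        if not audiences & configured:
            return False
    return True


def assertion_for(*audiences):
    """Constructed, unsigned assertion carrying one AudienceRestriction."""
    auds = "".join(f"<saml:Audience>{a}</saml:Audience>" for a in audiences)
    return (f'<saml:Assertion xmlns:saml="{SAML2}" ID="_a1" Version="2.0" '
            f'IssueInstant="2016-06-01T00:00:00Z">'
            f'<saml:Issuer>https://idp.example.test</saml:Issuer>'
            f'<saml:Conditions><saml:AudienceRestriction>{auds}</saml:AudienceRestriction>'
            f'</saml:Conditions></saml:Assertion>')


# Hypothetical relying-party configuration and three tokens from the same IdP.
CONFIGURED = ["https://app.example.test/fediz"]
FOR_US = assertion_for("https://app.example.test/fediz")
FOR_OTHER_APP = assertion_for("https://other.example.test/fediz")
NO_AUDIENCE = assertion_for()

if __name__ == "__main__":
    for label, token in (("for us", FOR_US), ("for another app", FOR_OTHER_APP), ("no audience", NO_AUDIENCE)):
        print(f"{label:16s} vulnerable={accept_vulnerable(token, CONFIGURED)} fixed={accept_fixed(token, CONFIGURED)}")
```

The second and third tokens are the bypass: both carry a signature the relying party trusts, and the pre-fix path never reads the Audience element, so credentials issued for a different application at the same identity provider log the holder in here.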