#ExploitObserverAlert
CVE-2016-5066
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2016-5066. Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
FIRST-EPSS: 0.006590000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2016-5066
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2016-5066. Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
FIRST-EPSS: 0.006590000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2016-2332
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2016-2332. flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 (aka dnsmasq) parameter.
FIRST-EPSS: 0.003040000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2016-2332
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2016-2332. flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 (aka dnsmasq) parameter.
FIRST-EPSS: 0.003040000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2015-9284
DESCRIPTION: Exploit Observer has 19 entries related to CVE-2015-9284. The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.
FIRST-EPSS: 0.001380000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2015-9284
DESCRIPTION: Exploit Observer has 19 entries related to CVE-2015-9284. The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.
FIRST-EPSS: 0.001380000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2019-10392
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2019-10392. Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.
FIRST-EPSS: 0.947360000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2019-10392
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2019-10392. Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.
FIRST-EPSS: 0.947360000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2015-7450
DESCRIPTION: Exploit Observer has 55 entries related to CVE-2015-7450. Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
FIRST-EPSS: 0.973900000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2015-7450
DESCRIPTION: Exploit Observer has 55 entries related to CVE-2015-7450. Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
FIRST-EPSS: 0.973900000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-1003001
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2019-1003001. A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
FIRST-EPSS: 0.796510000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2019-1003001
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2019-1003001. A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
FIRST-EPSS: 0.796510000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2016-5068
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2016-5068. Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.
FIRST-EPSS: 0.006590000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2016-5068
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2016-5068. Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.
FIRST-EPSS: 0.006590000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-29464
DESCRIPTION: Exploit Observer has 96 entries related to CVE-2022-29464. Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0.
FIRST-EPSS: 0.973640000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-29464
DESCRIPTION: Exploit Observer has 96 entries related to CVE-2022-29464. Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0.
FIRST-EPSS: 0.973640000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2001-0680
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2001-0680. Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and AVT/Term 5.0 allows a remote attacker to traverse directories on the web server via a "dot dot" attack in a LIST (ls) command.
FIRST-EPSS: 0.286570000
NVD-IS: 2.9
NVD-ES: 10.0
CVE-2001-0680
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2001-0680. Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and AVT/Term 5.0 allows a remote attacker to traverse directories on the web server via a "dot dot" attack in a LIST (ls) command.
FIRST-EPSS: 0.286570000
NVD-IS: 2.9
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2021-31630
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2021-31630. Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.
FIRST-EPSS: 0.005360000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2021-31630
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2021-31630. Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.
FIRST-EPSS: 0.005360000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2019-12725
DESCRIPTION: Exploit Observer has 30 entries related to CVE-2019-12725. Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
FIRST-EPSS: 0.960080000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2019-12725
DESCRIPTION: Exploit Observer has 30 entries related to CVE-2019-12725. Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
FIRST-EPSS: 0.960080000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-36845
DESCRIPTION: Exploit Observer has 87 entries related to CVE-2023-36845. A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.
FIRST-EPSS: 0.693120000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-36845
DESCRIPTION: Exploit Observer has 87 entries related to CVE-2023-36845. A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.
FIRST-EPSS: 0.693120000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-4966
DESCRIPTION: Exploit Observer has 348 entries related to CVE-2023-4966. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.
FIRST-EPSS: 0.922670000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-4966
DESCRIPTION: Exploit Observer has 348 entries related to CVE-2023-4966. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.
FIRST-EPSS: 0.922670000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-41064
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2023-41064. A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
FIRST-EPSS: 0.003300000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-41064
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2023-41064. A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
FIRST-EPSS: 0.003300000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2022-26134
DESCRIPTION: Exploit Observer has 237 entries related to CVE-2022-26134. In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
FIRST-EPSS: 0.975190000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-26134
DESCRIPTION: Exploit Observer has 237 entries related to CVE-2022-26134. In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
FIRST-EPSS: 0.975190000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-0796
DESCRIPTION: Exploit Observer has 376 entries related to CVE-2020-0796. A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
FIRST-EPSS: 0.974840000
NVD-IS: 6.0
NVD-ES: 3.9
CVE-2020-0796
DESCRIPTION: Exploit Observer has 376 entries related to CVE-2020-0796. A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
FIRST-EPSS: 0.974840000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-26084
DESCRIPTION: Exploit Observer has 153 entries related to CVE-2021-26084. In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
FIRST-EPSS: 0.972300000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-26084
DESCRIPTION: Exploit Observer has 153 entries related to CVE-2021-26084. In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
FIRST-EPSS: 0.972300000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-21702
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2021-21702. In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
FIRST-EPSS: 0.008950000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2021-21702
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2021-21702. In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
FIRST-EPSS: 0.008950000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-26828
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2021-26828. OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.
FIRST-EPSS: 0.008750000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2021-26828
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2021-26828. OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.
FIRST-EPSS: 0.008750000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-20198
DESCRIPTION: Exploit Observer has 170 entries related to CVE-2023-20198. Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.
FIRST-EPSS: 0.890740000
NVD-IS: 6.0
NVD-ES: 3.9
CVE-2023-20198
DESCRIPTION: Exploit Observer has 170 entries related to CVE-2023-20198. Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.
FIRST-EPSS: 0.890740000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-22501
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-22501. An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances_._ With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into. Access to these tokens can be obtained in two cases: * If the attacker is included on Jira issues or requests with these users, or * If the attacker is forwarded or otherwise gains access to emails containing a “View Request” link from these users. Bot accounts are particularly susceptible to this scenario. On instances with single sign-on, external customer accounts can be affected in projects where anyone can create their own account.
FIRST-EPSS: 0.001430000
NVD-IS: 5.2
NVD-ES: 3.9
CVE-2023-22501
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-22501. An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances_._ With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into. Access to these tokens can be obtained in two cases: * If the attacker is included on Jira issues or requests with these users, or * If the attacker is forwarded or otherwise gains access to emails containing a “View Request” link from these users. Bot accounts are particularly susceptible to this scenario. On instances with single sign-on, external customer accounts can be affected in projects where anyone can create their own account.
FIRST-EPSS: 0.001430000
NVD-IS: 5.2
NVD-ES: 3.9