#ExploitObserverAlert
CVE-2021-21702
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2021-21702. In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
FIRST-EPSS: 0.008950000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2021-21702
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2021-21702. In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
FIRST-EPSS: 0.008950000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-26828
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2021-26828. OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.
FIRST-EPSS: 0.008750000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2021-26828
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2021-26828. OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.
FIRST-EPSS: 0.008750000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-20198
DESCRIPTION: Exploit Observer has 170 entries related to CVE-2023-20198. Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.
FIRST-EPSS: 0.890740000
NVD-IS: 6.0
NVD-ES: 3.9
CVE-2023-20198
DESCRIPTION: Exploit Observer has 170 entries related to CVE-2023-20198. Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.
FIRST-EPSS: 0.890740000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-22501
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-22501. An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances_._ With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into. Access to these tokens can be obtained in two cases: * If the attacker is included on Jira issues or requests with these users, or * If the attacker is forwarded or otherwise gains access to emails containing a “View Request” link from these users. Bot accounts are particularly susceptible to this scenario. On instances with single sign-on, external customer accounts can be affected in projects where anyone can create their own account.
FIRST-EPSS: 0.001430000
NVD-IS: 5.2
NVD-ES: 3.9
CVE-2023-22501
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-22501. An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances_._ With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into. Access to these tokens can be obtained in two cases: * If the attacker is included on Jira issues or requests with these users, or * If the attacker is forwarded or otherwise gains access to emails containing a “View Request” link from these users. Bot accounts are particularly susceptible to this scenario. On instances with single sign-on, external customer accounts can be affected in projects where anyone can create their own account.
FIRST-EPSS: 0.001430000
NVD-IS: 5.2
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-46604
DESCRIPTION: Exploit Observer has 102 entries related to CVE-2023-46604. The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
FIRST-EPSS: 0.968050000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-46604
DESCRIPTION: Exploit Observer has 102 entries related to CVE-2023-46604. The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
FIRST-EPSS: 0.968050000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-11012
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2020-11012. MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has been fixed and released in version RELEASE.2020-04-23T00-58-49Z.
FIRST-EPSS: 0.001000000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2020-11012
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2020-11012. MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has been fixed and released in version RELEASE.2020-04-23T00-58-49Z.
FIRST-EPSS: 0.001000000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-29652
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2020-29652. A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.
FIRST-EPSS: 0.005420000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2020-29652
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2020-29652. A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.
FIRST-EPSS: 0.005420000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-24186
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2020-24186. A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
FIRST-EPSS: 0.974170000
NVD-IS: 6.0
NVD-ES: 3.9
CVE-2020-24186
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2020-24186. A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
FIRST-EPSS: 0.974170000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-4631
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4631. The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing.
FIRST-EPSS: 0.000460000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2023-4631
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4631. The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing.
FIRST-EPSS: 0.000460000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-10385
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2020-10385. A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress.
FIRST-EPSS: 0.005660000
NVD-IS: 2.7
NVD-ES: 2.3
CVE-2020-10385
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2020-10385. A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress.
FIRST-EPSS: 0.005660000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2018-19422
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2018-19422. /panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
FIRST-EPSS: 0.768050000
NVD-IS: 5.9
NVD-ES: 1.2
CVE-2018-19422
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2018-19422. /panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
FIRST-EPSS: 0.768050000
NVD-IS: 5.9
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2020-11651
DESCRIPTION: Exploit Observer has 79 entries related to CVE-2020-11651. An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
FIRST-EPSS: 0.974930000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-11651
DESCRIPTION: Exploit Observer has 79 entries related to CVE-2020-11651. An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
FIRST-EPSS: 0.974930000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-12271
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2020-12271. A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords)
FIRST-EPSS: 0.011730000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-12271
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2020-12271. A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords)
FIRST-EPSS: 0.011730000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-8759
DESCRIPTION: Exploit Observer has 120 entries related to CVE-2017-8759. Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
FIRST-EPSS: 0.970420000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2017-8759
DESCRIPTION: Exploit Observer has 120 entries related to CVE-2017-8759. Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
FIRST-EPSS: 0.970420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2017-3143
DESCRIPTION: Exploit Observer has 28 entries related to CVE-2017-3143. An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
FIRST-EPSS: 0.029520000
NVD-IS: 3.6
NVD-ES: 2.2
CVE-2017-3143
DESCRIPTION: Exploit Observer has 28 entries related to CVE-2017-3143. An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
FIRST-EPSS: 0.029520000
NVD-IS: 3.6
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2016-2431
DESCRIPTION: Exploit Observer has 28 entries related to CVE-2016-2431. The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809.
FIRST-EPSS: 0.000610000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2016-2431
DESCRIPTION: Exploit Observer has 28 entries related to CVE-2016-2431. The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809.
FIRST-EPSS: 0.000610000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2017-5715
DESCRIPTION: Exploit Observer has 195 entries related to CVE-2017-5715. Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
FIRST-EPSS: 0.975480000
NVD-IS: 4.0
NVD-ES: 1.1
CVE-2017-5715
DESCRIPTION: Exploit Observer has 195 entries related to CVE-2017-5715. Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
FIRST-EPSS: 0.975480000
NVD-IS: 4.0
NVD-ES: 1.1
#ExploitObserverAlert
CVE-2023-26035
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-26035. ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.
FIRST-EPSS: 0.134140000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-26035
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-26035. ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.
FIRST-EPSS: 0.134140000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-3639
DESCRIPTION: Exploit Observer has 193 entries related to CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
FIRST-EPSS: 0.001590000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2018-3639
DESCRIPTION: Exploit Observer has 193 entries related to CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
FIRST-EPSS: 0.001590000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2015-6639
DESCRIPTION: Exploit Observer has 34 entries related to CVE-2015-6639. The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.
FIRST-EPSS: 0.003200000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2015-6639
DESCRIPTION: Exploit Observer has 34 entries related to CVE-2015-6639. The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.
FIRST-EPSS: 0.003200000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-23752
DESCRIPTION: Exploit Observer has 94 entries related to CVE-2023-23752. An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
FIRST-EPSS: 0.750890000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2023-23752
DESCRIPTION: Exploit Observer has 94 entries related to CVE-2023-23752. An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
FIRST-EPSS: 0.750890000
NVD-IS: 1.4
NVD-ES: 3.9