#ExploitObserverAlert
CVE-2023-29383
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-29383. In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.
FIRST-EPSS: 0.000450000
NVD-IS: 1.4
NVD-ES: 1.8
CVE-2023-29383
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-29383. In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.
FIRST-EPSS: 0.000450000
NVD-IS: 1.4
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-21983
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2021-21983. Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.
FIRST-EPSS: 0.002480000
NVD-IS: 5.2
NVD-ES: 1.2
CVE-2021-21983
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2021-21983. Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.
FIRST-EPSS: 0.002480000
NVD-IS: 5.2
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2020-8813
DESCRIPTION: Exploit Observer has 44 entries related to CVE-2020-8813. graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
FIRST-EPSS: 0.946700000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2020-8813
DESCRIPTION: Exploit Observer has 44 entries related to CVE-2020-8813. graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
FIRST-EPSS: 0.946700000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-0796
DESCRIPTION: Exploit Observer has 357 entries related to CVE-2020-0796. A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
FIRST-EPSS: 0.974840000
NVD-IS: 6.0
NVD-ES: 3.9
CVE-2020-0796
DESCRIPTION: Exploit Observer has 357 entries related to CVE-2020-0796. A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
FIRST-EPSS: 0.974840000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-1350
DESCRIPTION: Exploit Observer has 111 entries related to CVE-2020-1350. A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.
FIRST-EPSS: 0.942410000
NVD-IS: 6.0
NVD-ES: 3.9
CVE-2020-1350
DESCRIPTION: Exploit Observer has 111 entries related to CVE-2020-1350. A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.
FIRST-EPSS: 0.942410000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-2251
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-2251. Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.
FIRST-EPSS: 0.000460000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-2251
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-2251. Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.
FIRST-EPSS: 0.000460000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-35728
DESCRIPTION: Exploit Observer has 16 entries related to CVE-2020-35728. FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
FIRST-EPSS: 0.006740000
NVD-IS: 5.9
NVD-ES: 2.2
CVE-2020-35728
DESCRIPTION: Exploit Observer has 16 entries related to CVE-2020-35728. FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
FIRST-EPSS: 0.006740000
NVD-IS: 5.9
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2020-11652
DESCRIPTION: Exploit Observer has 47 entries related to CVE-2020-11652. An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
FIRST-EPSS: 0.973530000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2020-11652
DESCRIPTION: Exploit Observer has 47 entries related to CVE-2020-11652. An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
FIRST-EPSS: 0.973530000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-3952
DESCRIPTION: Exploit Observer has 48 entries related to CVE-2020-3952. Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
FIRST-EPSS: 0.640320000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-3952
DESCRIPTION: Exploit Observer has 48 entries related to CVE-2020-3952. Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
FIRST-EPSS: 0.640320000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-27666
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2022-27666. A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2022-27666
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2022-27666. A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-34473
DESCRIPTION: Exploit Observer has 79 entries related to CVE-2021-34473. Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.
FIRST-EPSS: 0.973440000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-34473
DESCRIPTION: Exploit Observer has 79 entries related to CVE-2021-34473. Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.
FIRST-EPSS: 0.973440000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-27065
DESCRIPTION: Exploit Observer has 86 entries related to CVE-2021-27065. Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078.
FIRST-EPSS: 0.969370000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2021-27065
DESCRIPTION: Exploit Observer has 86 entries related to CVE-2021-27065. Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078.
FIRST-EPSS: 0.969370000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2006-3392
DESCRIPTION: Exploit Observer has 39 entries related to CVE-2006-3392. Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using ".. " sequences, which bypass the removal of "../" sequences before bytes such as " " are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.
FIRST-EPSS: 0.943990000
NVD-IS: 2.9
NVD-ES: 10.0
CVE-2006-3392
DESCRIPTION: Exploit Observer has 39 entries related to CVE-2006-3392. Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using ".. " sequences, which bypass the removal of "../" sequences before bytes such as " " are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.
FIRST-EPSS: 0.943990000
NVD-IS: 2.9
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2021-36934
DESCRIPTION: Exploit Observer has 100 entries related to CVE-2021-36934. Windows Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2021-36934
DESCRIPTION: Exploit Observer has 100 entries related to CVE-2021-36934. Windows Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2019-12384
DESCRIPTION: Exploit Observer has 70 entries related to CVE-2019-12384. FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.
FIRST-EPSS: 0.368590000
NVD-IS: 3.6
NVD-ES: 2.2
CVE-2019-12384
DESCRIPTION: Exploit Observer has 70 entries related to CVE-2019-12384. FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.
FIRST-EPSS: 0.368590000
NVD-IS: 3.6
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2023-36434
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-36434. Windows IIS Server Elevation of Privilege Vulnerability
FIRST-EPSS: 0.001140000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-36434
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-36434. Windows IIS Server Elevation of Privilege Vulnerability
FIRST-EPSS: 0.001140000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-12149
DESCRIPTION: Exploit Observer has 93 entries related to CVE-2017-12149. In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.
FIRST-EPSS: 0.971900000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2017-12149
DESCRIPTION: Exploit Observer has 93 entries related to CVE-2017-12149. In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.
FIRST-EPSS: 0.971900000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-11510
DESCRIPTION: Exploit Observer has 87 entries related to CVE-2019-11510. In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .
FIRST-EPSS: 0.972780000
NVD-IS: 6.0
NVD-ES: 3.9
CVE-2019-11510
DESCRIPTION: Exploit Observer has 87 entries related to CVE-2019-11510. In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .
FIRST-EPSS: 0.972780000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-17144
DESCRIPTION: Exploit Observer has 35 entries related to CVE-2020-17144. Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142.
FIRST-EPSS: 0.266280000
NVD-IS: 6.0
NVD-ES: 1.7
CVE-2020-17144
DESCRIPTION: Exploit Observer has 35 entries related to CVE-2020-17144. Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142.
FIRST-EPSS: 0.266280000
NVD-IS: 6.0
NVD-ES: 1.7
#ExploitObserverAlert
CVE-2022-35653
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2022-35653. A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users.
FIRST-EPSS: 0.006730000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2022-35653
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2022-35653. A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users.
FIRST-EPSS: 0.006730000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-4355
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-4355. The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list() functions called via admin_init hooks in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to download lists of members, products and orders.
FIRST-EPSS: 0.000720000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2021-4355
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-4355. The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list() functions called via admin_init hooks in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to download lists of members, products and orders.
FIRST-EPSS: 0.000720000
NVD-IS: 1.4
NVD-ES: 3.9