#ExploitObserverAlert
CVE-2023-25690
DESCRIPTION: Exploit Observer has 68 entries related to CVE-2023-25690. Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
FIRST-EPSS: 0.032570000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-25690
DESCRIPTION: Exploit Observer has 68 entries related to CVE-2023-25690. Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
FIRST-EPSS: 0.032570000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-3786
DESCRIPTION: Exploit Observer has 37 entries related to CVE-2022-3786. A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.
FIRST-EPSS: 0.000750000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-3786
DESCRIPTION: Exploit Observer has 37 entries related to CVE-2022-3786. A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.
FIRST-EPSS: 0.000750000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2010-4478
DESCRIPTION: Exploit Observer has 26 entries related to CVE-2010-4478. OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
FIRST-EPSS: 0.022410000
NVD-IS: 6.4
NVD-ES: 10.0
CVE-2010-4478
DESCRIPTION: Exploit Observer has 26 entries related to CVE-2010-4478. OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
FIRST-EPSS: 0.022410000
NVD-IS: 6.4
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2017-5244
DESCRIPTION: Exploit Observer has 29 entries related to CVE-2017-5244. Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks.
FIRST-EPSS: 0.000650000
NVD-IS: 1.4
NVD-ES: 2.1
CVE-2017-5244
DESCRIPTION: Exploit Observer has 29 entries related to CVE-2017-5244. Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks.
FIRST-EPSS: 0.000650000
NVD-IS: 1.4
NVD-ES: 2.1
#ExploitObserverAlert
CVE-2008-5161
DESCRIPTION: Exploit Observer has 58 entries related to CVE-2008-5161. Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
FIRST-EPSS: 0.010490000
NVD-IS: 2.9
NVD-ES: 4.9
CVE-2008-5161
DESCRIPTION: Exploit Observer has 58 entries related to CVE-2008-5161. Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
FIRST-EPSS: 0.010490000
NVD-IS: 2.9
NVD-ES: 4.9
#ExploitObserverAlert
CVE-2023-29689
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-29689. PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system.
FIRST-EPSS: 0.005910000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-29689
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-29689. PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system.
FIRST-EPSS: 0.005910000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-16905
DESCRIPTION: Exploit Observer has 30 entries related to CVE-2017-16905. The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack.
FIRST-EPSS: 0.010910000
NVD-IS: 5.9
NVD-ES: 2.2
CVE-2017-16905
DESCRIPTION: Exploit Observer has 30 entries related to CVE-2017-16905. The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack.
FIRST-EPSS: 0.010910000
NVD-IS: 5.9
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2023-24023
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-24023. Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.
FIRST-EPSS: 0.000460000
NVD-IS: 5.2
NVD-ES: 1.6
CVE-2023-24023
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-24023. Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.
FIRST-EPSS: 0.000460000
NVD-IS: 5.2
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2019-17564
DESCRIPTION: Exploit Observer has 38 entries related to CVE-2019-17564. Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4, 2.6.0 to 2.6.7, and all 2.5.x versions.
FIRST-EPSS: 0.029430000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2019-17564
DESCRIPTION: Exploit Observer has 38 entries related to CVE-2019-17564. Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4, 2.6.0 to 2.6.7, and all 2.5.x versions.
FIRST-EPSS: 0.029430000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-16850
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-16850. Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2.
FIRST-EPSS: 0.000770000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2020-16850
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-16850. Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2.
FIRST-EPSS: 0.000770000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-5638
DESCRIPTION: Exploit Observer has 345 entries related to CVE-2017-5638. The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a
CVE-2017-5638
DESCRIPTION: Exploit Observer has 345 entries related to CVE-2017-5638. The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a
#ExploitObserverAlert
CVE-2015-2208
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2015-2208. The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter.
FIRST-EPSS: 0.968030000
NVD-IS: 6.4
NVD-ES: 10.0
CVE-2015-2208
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2015-2208. The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter.
FIRST-EPSS: 0.968030000
NVD-IS: 6.4
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2020-12873
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-12873. An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Alfresco.
FIRST-EPSS: 0.000840000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2020-12873
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-12873. An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Alfresco.
FIRST-EPSS: 0.000840000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-37434
DESCRIPTION: Exploit Observer has 54 entries related to CVE-2022-37434. zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
FIRST-EPSS: 0.004010000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-37434
DESCRIPTION: Exploit Observer has 54 entries related to CVE-2022-37434. zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
FIRST-EPSS: 0.004010000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-10234
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-10234. The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic (aka BSOD) follows. The IOCTL codes can be found in the dispatch function: 0x8001E000, 0x8001E004, 0x8001E008, 0x8001E00C, 0x8001E010, 0x8001E014, 0x8001E020, 0x8001E024, 0x8001E040, 0x8001E044, and 0x8001E048. \DosDevices\AscRegistryFilter and \Device\AscRegistryFilter are affected.
FIRST-EPSS: 0.001280000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2020-10234
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-10234. The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic (aka BSOD) follows. The IOCTL codes can be found in the dispatch function: 0x8001E000, 0x8001E004, 0x8001E008, 0x8001E00C, 0x8001E010, 0x8001E014, 0x8001E020, 0x8001E024, 0x8001E040, 0x8001E044, and 0x8001E048. \DosDevices\AscRegistryFilter and \Device\AscRegistryFilter are affected.
FIRST-EPSS: 0.001280000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-1967
DESCRIPTION: Exploit Observer has 57 entries related to CVE-2020-1967. Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
FIRST-EPSS: 0.099530000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2020-1967
DESCRIPTION: Exploit Observer has 57 entries related to CVE-2020-1967. Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
FIRST-EPSS: 0.099530000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-12122
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-12122. In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x2200019. (This also extends to the various other products from Max Secure that include MaxProc64.sys.)
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2020-12122
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-12122. In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x2200019. (This also extends to the various other products from Max Secure that include MaxProc64.sys.)
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2013-4316
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2013-4316. Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
FIRST-EPSS: 0.008710000
NVD-IS: 10.0
NVD-ES: 10.0
CVE-2013-4316
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2013-4316. Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
FIRST-EPSS: 0.008710000
NVD-IS: 10.0
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2023-21768
DESCRIPTION: Exploit Observer has 30 entries related to CVE-2023-21768. Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
FIRST-EPSS: 0.016680000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-21768
DESCRIPTION: Exploit Observer has 30 entries related to CVE-2023-21768. Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
FIRST-EPSS: 0.016680000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2020-10214
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-10214. An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntp_sync.cgi with a sufficiently long parameter ntp_server.
FIRST-EPSS: 0.001210000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2020-10214
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-10214. An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntp_sync.cgi with a sufficiently long parameter ntp_server.
FIRST-EPSS: 0.001210000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-46214
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2023-46214. In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.
FIRST-EPSS: 0.144520000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-46214
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2023-46214. In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.
FIRST-EPSS: 0.144520000
NVD-IS: 5.9
NVD-ES: 2.8