#ExploitObserverAlert
CVE-2023-5115
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-5115.
#ExploitObserverAlert
GHSA-p8vh-85vc-66x9
DESCRIPTION: Exploit Observer has 8 entries related to GHSA-P8VH-85VC-66X9.
GHSS: 4.3
#ExploitObserverAlert
CVE-2018-5767
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2018-5767. An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header.
FIRST-EPSS: 0.070380000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-vmc2-j3gf-mvpp
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-VMC2-J3GF-MVPP. In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
GHSS: 5.5
#ExploitObserverAlert
CVE-2022-25813
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-25813. In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SSTI. A RCE is then possible.
FIRST-EPSS: 0.004820000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-12124
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-12124. A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.
FIRST-EPSS: 0.002690000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-3693
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-3693. LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
FIRST-EPSS: 0.018710000
NVD-IS: 6.0
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-5236
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-5236. A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.
#ExploitObserverAlert
CVE-2023-5808
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-5808. SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role.
FIRST-EPSS: 0.000490000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-49070
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-49070. Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10
FIRST-EPSS: 0.501170000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-6289
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-6289.
#ExploitObserverAlert
GHSA-pcgm-9vcp-6328
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-PCGM-9VCP-6328.
GHSS: 7.8
#ExploitObserverAlert
GHSA-rcjw-44p8-ppj6
DESCRIPTION: Exploit Observer has 5 entries related to GHSA-RCJW-44P8-PPJ6.
GHSS: 9.0
#ExploitObserverAlert
CVE-2022-29063
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-29063. The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646.
FIRST-EPSS: 0.015670000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-50917
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-50917. MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.
FIRST-EPSS: 0.000420000
#ExploitObserverAlert
CVE-2023-47119
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-47119. Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
FIRST-EPSS: 0.000520000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-45967
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-45967. An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.
FIRST-EPSS: 0.740390000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-1337
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-1337. The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files.
FIRST-EPSS: 0.000450000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-41763
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-41763. Skype for Business Elevation of Privilege Vulnerability
FIRST-EPSS: 0.007470000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-41772
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-41772. Win32k Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000480000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
PD/http/cves/2023/CVE-2023-41763
DESCRIPTION: Exploit Observer has 2 entries related to PD/http/cves/2023/CVE-2023-41763. Skype Pre-Auth Server-side Request Forgery (SSRF) vulnerability