#ExploitObserverAlert
CVE-2023-6289
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-6289.
CVE-2023-6289
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-6289.
#ExploitObserverAlert
GHSA-pcgm-9vcp-6328
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-PCGM-9VCP-6328.
GHSS: 7.8
GHSA-pcgm-9vcp-6328
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-PCGM-9VCP-6328.
GHSS: 7.8
#ExploitObserverAlert
GHSA-rcjw-44p8-ppj6
DESCRIPTION: Exploit Observer has 5 entries related to GHSA-RCJW-44P8-PPJ6.
GHSS: 9.0
GHSA-rcjw-44p8-ppj6
DESCRIPTION: Exploit Observer has 5 entries related to GHSA-RCJW-44P8-PPJ6.
GHSS: 9.0
#ExploitObserverAlert
CVE-2022-29063
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-29063. The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646.
FIRST-EPSS: 0.015670000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-29063
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-29063. The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646.
FIRST-EPSS: 0.015670000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-50917
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-50917. MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.
FIRST-EPSS: 0.000420000
CVE-2023-50917
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-50917. MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.
FIRST-EPSS: 0.000420000
#ExploitObserverAlert
CVE-2023-47119
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-47119. Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
FIRST-EPSS: 0.000520000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2023-47119
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-47119. Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
FIRST-EPSS: 0.000520000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-45967
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-45967. An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.
FIRST-EPSS: 0.740390000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-45967
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-45967. An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.
FIRST-EPSS: 0.740390000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-1337
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-1337. The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files.
FIRST-EPSS: 0.000450000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2023-1337
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-1337. The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files.
FIRST-EPSS: 0.000450000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-41763
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-41763. Skype for Business Elevation of Privilege Vulnerability
FIRST-EPSS: 0.007470000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2023-41763
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-41763. Skype for Business Elevation of Privilege Vulnerability
FIRST-EPSS: 0.007470000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-41772
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-41772. Win32k Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000480000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-41772
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-41772. Win32k Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000480000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
PD/http/cves/2023/CVE-2023-41763
DESCRIPTION: Exploit Observer has 2 entries related to PD/http/cves/2023/CVE-2023-41763. Skype Pre-Auth Server-side Request Forgery (SSRF) vulnerability
PD/http/cves/2023/CVE-2023-41763
DESCRIPTION: Exploit Observer has 2 entries related to PD/http/cves/2023/CVE-2023-41763. Skype Pre-Auth Server-side Request Forgery (SSRF) vulnerability
#ExploitObserverAlert
CVE-2023-26035
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-26035. ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.
FIRST-EPSS: 0.104040000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-26035
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-26035. ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.
FIRST-EPSS: 0.104040000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
MSF/exploit_linux/http/vinchin_backup_recovery_cmd_inject
DESCRIPTION: Exploit Observer has 1 entries related to MSF/exploit_linux/http/vinchin_backup_recovery_cmd_inject. This module exploits a command injection vulnerability in Vinchin Backup
MSF/exploit_linux/http/vinchin_backup_recovery_cmd_inject
DESCRIPTION: Exploit Observer has 1 entries related to MSF/exploit_linux/http/vinchin_backup_recovery_cmd_inject. This module exploits a command injection vulnerability in Vinchin Backup
#ExploitObserverAlert
CVE-2018-8823
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2018-8823. modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal Vertical Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary PHP code via the code parameter.
FIRST-EPSS: 0.026270000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2018-8823
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2018-8823. modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal Vertical Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary PHP code via the code parameter.
FIRST-EPSS: 0.026270000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
PD/http/cves/2018/CVE-2018-8823
DESCRIPTION: Exploit Observer has 3 entries related to PD/http/cves/2018/CVE-2018-8823. The 'Responsive Mega Menu' module for PrestaShop is prone to a remote code execution and SQL injection vulnerability. modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal Vertical Dropdown) Pro module 1.0.32 for PrestaShop allows remote attackers to execute an SQL injection or remote code execution through function calls in the code parameter.
PD/http/cves/2018/CVE-2018-8823
DESCRIPTION: Exploit Observer has 3 entries related to PD/http/cves/2018/CVE-2018-8823. The 'Responsive Mega Menu' module for PrestaShop is prone to a remote code execution and SQL injection vulnerability. modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal Vertical Dropdown) Pro module 1.0.32 for PrestaShop allows remote attackers to execute an SQL injection or remote code execution through function calls in the code parameter.
#ExploitObserverAlert
PD/http/cves/2022/CVE-2022-0087
DESCRIPTION: Exploit Observer has 3 entries related to PD/http/cves/2022/CVE-2022-0087. On the login page, there is a "from=" parameter in URL which is vulnerable to open redirect and can be escalated to reflected XSS.
PD/http/cves/2022/CVE-2022-0087
DESCRIPTION: Exploit Observer has 3 entries related to PD/http/cves/2022/CVE-2022-0087. On the login page, there is a "from=" parameter in URL which is vulnerable to open redirect and can be escalated to reflected XSS.
#ExploitObserverAlert
CVE-2023-41772
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-41772. Win32k Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000480000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-41772
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-41772. Win32k Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000480000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-45499
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-45499. VinChin Backup
CVE-2023-45499
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-45499. VinChin Backup
#ExploitObserverAlert
CVE-2023-45498
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-45498. VinChin Backup
CVE-2023-45498
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-45498. VinChin Backup
#ExploitObserverAlert
CVE-2018-1133
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2018-1133. An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.
FIRST-EPSS: 0.882660000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2018-1133
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2018-1133. An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.
FIRST-EPSS: 0.882660000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
PD/http/vulnerabilities/vbulletin/vbulletin-ajaxreg-sqli
DESCRIPTION: Exploit Observer has 1 entries related to PD/http/vulnerabilities/vbulletin/vbulletin-ajaxreg-sqli. vBulletin versions 3.x and 4.x suffer from an AjaxReg remote blind SQL injection vulnerability.
PD/http/vulnerabilities/vbulletin/vbulletin-ajaxreg-sqli
DESCRIPTION: Exploit Observer has 1 entries related to PD/http/vulnerabilities/vbulletin/vbulletin-ajaxreg-sqli. vBulletin versions 3.x and 4.x suffer from an AjaxReg remote blind SQL injection vulnerability.