#ExploitObserverAlert
CVE-2023-47119
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-47119. Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
FIRST-EPSS: 0.000520000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2023-47119
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-47119. Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
FIRST-EPSS: 0.000520000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-45967
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-45967. An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.
FIRST-EPSS: 0.740390000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-45967
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-45967. An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.
FIRST-EPSS: 0.740390000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-1337
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-1337. The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files.
FIRST-EPSS: 0.000450000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2023-1337
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-1337. The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files.
FIRST-EPSS: 0.000450000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-41763
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-41763. Skype for Business Elevation of Privilege Vulnerability
FIRST-EPSS: 0.007470000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2023-41763
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-41763. Skype for Business Elevation of Privilege Vulnerability
FIRST-EPSS: 0.007470000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-41772
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-41772. Win32k Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000480000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-41772
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-41772. Win32k Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000480000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
PD/http/cves/2023/CVE-2023-41763
DESCRIPTION: Exploit Observer has 2 entries related to PD/http/cves/2023/CVE-2023-41763. Skype Pre-Auth Server-side Request Forgery (SSRF) vulnerability
PD/http/cves/2023/CVE-2023-41763
DESCRIPTION: Exploit Observer has 2 entries related to PD/http/cves/2023/CVE-2023-41763. Skype Pre-Auth Server-side Request Forgery (SSRF) vulnerability
#ExploitObserverAlert
CVE-2023-26035
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-26035. ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.
FIRST-EPSS: 0.104040000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-26035
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-26035. ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.
FIRST-EPSS: 0.104040000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
MSF/exploit_linux/http/vinchin_backup_recovery_cmd_inject
DESCRIPTION: Exploit Observer has 1 entries related to MSF/exploit_linux/http/vinchin_backup_recovery_cmd_inject. This module exploits a command injection vulnerability in Vinchin Backup
MSF/exploit_linux/http/vinchin_backup_recovery_cmd_inject
DESCRIPTION: Exploit Observer has 1 entries related to MSF/exploit_linux/http/vinchin_backup_recovery_cmd_inject. This module exploits a command injection vulnerability in Vinchin Backup
#ExploitObserverAlert
CVE-2018-8823
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2018-8823. modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal Vertical Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary PHP code via the code parameter.
FIRST-EPSS: 0.026270000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2018-8823
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2018-8823. modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal Vertical Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary PHP code via the code parameter.
FIRST-EPSS: 0.026270000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
PD/http/cves/2018/CVE-2018-8823
DESCRIPTION: Exploit Observer has 3 entries related to PD/http/cves/2018/CVE-2018-8823. The 'Responsive Mega Menu' module for PrestaShop is prone to a remote code execution and SQL injection vulnerability. modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal Vertical Dropdown) Pro module 1.0.32 for PrestaShop allows remote attackers to execute an SQL injection or remote code execution through function calls in the code parameter.
PD/http/cves/2018/CVE-2018-8823
DESCRIPTION: Exploit Observer has 3 entries related to PD/http/cves/2018/CVE-2018-8823. The 'Responsive Mega Menu' module for PrestaShop is prone to a remote code execution and SQL injection vulnerability. modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal Vertical Dropdown) Pro module 1.0.32 for PrestaShop allows remote attackers to execute an SQL injection or remote code execution through function calls in the code parameter.
#ExploitObserverAlert
PD/http/cves/2022/CVE-2022-0087
DESCRIPTION: Exploit Observer has 3 entries related to PD/http/cves/2022/CVE-2022-0087. On the login page, there is a "from=" parameter in URL which is vulnerable to open redirect and can be escalated to reflected XSS.
PD/http/cves/2022/CVE-2022-0087
DESCRIPTION: Exploit Observer has 3 entries related to PD/http/cves/2022/CVE-2022-0087. On the login page, there is a "from=" parameter in URL which is vulnerable to open redirect and can be escalated to reflected XSS.
#ExploitObserverAlert
CVE-2023-41772
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-41772. Win32k Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000480000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-41772
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-41772. Win32k Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000480000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-45499
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-45499. VinChin Backup
CVE-2023-45499
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-45499. VinChin Backup
#ExploitObserverAlert
CVE-2023-45498
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-45498. VinChin Backup
CVE-2023-45498
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-45498. VinChin Backup
#ExploitObserverAlert
CVE-2018-1133
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2018-1133. An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.
FIRST-EPSS: 0.882660000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2018-1133
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2018-1133. An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.
FIRST-EPSS: 0.882660000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
PD/http/vulnerabilities/vbulletin/vbulletin-ajaxreg-sqli
DESCRIPTION: Exploit Observer has 1 entries related to PD/http/vulnerabilities/vbulletin/vbulletin-ajaxreg-sqli. vBulletin versions 3.x and 4.x suffer from an AjaxReg remote blind SQL injection vulnerability.
PD/http/vulnerabilities/vbulletin/vbulletin-ajaxreg-sqli
DESCRIPTION: Exploit Observer has 1 entries related to PD/http/vulnerabilities/vbulletin/vbulletin-ajaxreg-sqli. vBulletin versions 3.x and 4.x suffer from an AjaxReg remote blind SQL injection vulnerability.
#ExploitObserverAlert
PD/http/cves/2023/CVE-2023-26035
DESCRIPTION: Exploit Observer has 6 entries related to PD/http/cves/2023/CVE-2023-26035. ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id.
PD/http/cves/2023/CVE-2023-26035
DESCRIPTION: Exploit Observer has 6 entries related to PD/http/cves/2023/CVE-2023-26035. ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id.
#ExploitObserverAlert
CVE-2022-0087
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-0087. keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
FIRST-EPSS: 0.000680000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2022-0087
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-0087. keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
FIRST-EPSS: 0.000680000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
PD/http/misconfiguration/h2o/h2o-dashboard
DESCRIPTION: Exploit Observer has 1 entries related to PD/http/misconfiguration/h2o/h2o-dashboard. H2o dashboard by default has no authentication and can lead to RCE on the host.
PD/http/misconfiguration/h2o/h2o-dashboard
DESCRIPTION: Exploit Observer has 1 entries related to PD/http/misconfiguration/h2o/h2o-dashboard. H2o dashboard by default has no authentication and can lead to RCE on the host.
#ExploitObserverAlert
CVE-2022-40312
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-40312. Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.1.
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2022-40312
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-40312. Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.1.
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-6802
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-6802. An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
CVE-2023-6802
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-6802. An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.