#ExploitObserverAlert

PD/http/cves/2023/CVE-2023-41763

DESCRIPTION: Exploit Observer has 2 entries related to PD/http/cves/2023/CVE-2023-41763. Skype Pre-Auth Server-side Request Forgery (SSRF) vulnerability

#ExploitObserverAlert

CVE-2023-26035

DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-26035. ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.

FIRST-EPSS: 0.104040000
NVD-IS: 5.9
NVD-ES: 3.9

#ExploitObserverAlert

MSF/exploit_linux/http/vinchin_backup_recovery_cmd_inject

DESCRIPTION: Exploit Observer has 1 entries related to MSF/exploit_linux/http/vinchin_backup_recovery_cmd_inject. This module exploits a command injection vulnerability in Vinchin Backup

#ExploitObserverAlert

CVE-2018-8823

DESCRIPTION: Exploit Observer has 3 entries related to CVE-2018-8823. modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal Vertical Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary PHP code via the code parameter.

FIRST-EPSS: 0.026270000
NVD-IS: 5.9
NVD-ES: 3.9

#ExploitObserverAlert

PD/http/cves/2018/CVE-2018-8823

DESCRIPTION: Exploit Observer has 3 entries related to PD/http/cves/2018/CVE-2018-8823. The 'Responsive Mega Menu' module for PrestaShop is prone to a remote code execution and SQL injection vulnerability. modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal Vertical Dropdown) Pro module 1.0.32 for PrestaShop allows remote attackers to execute an SQL injection or remote code execution through function calls in the code parameter.

#ExploitObserverAlert

PD/http/cves/2022/CVE-2022-0087

DESCRIPTION: Exploit Observer has 3 entries related to PD/http/cves/2022/CVE-2022-0087. On the login page, there is a "from=" parameter in URL which is vulnerable to open redirect and can be escalated to reflected XSS.

#ExploitObserverAlert

CVE-2023-41772

DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-41772. Win32k Elevation of Privilege Vulnerability

FIRST-EPSS: 0.000480000
NVD-IS: 5.9
NVD-ES: 1.8

#ExploitObserverAlert

CVE-2023-45499

DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-45499. VinChin Backup

#ExploitObserverAlert

CVE-2023-45498

DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-45498. VinChin Backup

#ExploitObserverAlert

CVE-2018-1133

DESCRIPTION: Exploit Observer has 10 entries related to CVE-2018-1133. An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.

FIRST-EPSS: 0.882660000
NVD-IS: 5.9
NVD-ES: 2.8

#ExploitObserverAlert

PD/http/vulnerabilities/vbulletin/vbulletin-ajaxreg-sqli

DESCRIPTION: Exploit Observer has 1 entries related to PD/http/vulnerabilities/vbulletin/vbulletin-ajaxreg-sqli. vBulletin versions 3.x and 4.x suffer from an AjaxReg remote blind SQL injection vulnerability.

#ExploitObserverAlert

PD/http/cves/2023/CVE-2023-26035

DESCRIPTION: Exploit Observer has 6 entries related to PD/http/cves/2023/CVE-2023-26035. ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id.

#ExploitObserverAlert

CVE-2022-0087

DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-0087. keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FIRST-EPSS: 0.000680000
NVD-IS: 2.7
NVD-ES: 2.8

#ExploitObserverAlert

PD/http/misconfiguration/h2o/h2o-dashboard

DESCRIPTION: Exploit Observer has 1 entries related to PD/http/misconfiguration/h2o/h2o-dashboard. H2o dashboard by default has no authentication and can lead to RCE on the host.

#ExploitObserverAlert

CVE-2022-40312

DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-40312. Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.1.

NVD-IS: 3.6
NVD-ES: 2.8

#ExploitObserverAlert

CVE-2023-6802

DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-6802. An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

#ExploitObserverAlert

CVE-2023-2585

DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2585. Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access to an existing OAuth client.

#ExploitObserverAlert

CVE-2019-25157

DESCRIPTION: Exploit Observer has 4 entries related to CVE-2019-25157. A vulnerability was found in Ethex Contracts. It has been classified as critical. This affects an unknown part of the file EthexJackpot.sol of the component Monthly Jackpot Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 6b8664b698d3d953e16c284fadc6caeb9e58e3db. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248271.

#ExploitObserverAlert

CVE-2022-22916

DESCRIPTION: Exploit Observer has 7 entries related to CVE-2022-22916. O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke.

FIRST-EPSS: 0.004750000
NVD-IS: 5.9
NVD-ES: 3.9

#ExploitObserverAlert

CVE-2021-22962

DESCRIPTION: Exploit Observer has 1 entries related to CVE-2021-22962. An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.

#ExploitObserverAlert

CVE-2023-45603

DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-45603. Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902.