#ExploitObserverAlert
CVE-2023-26035
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-26035. ZoneMinder is a free, open source closed-circuit television software application for Linux which supports IP, USB and analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to unauthenticated remote code execution via missing authorization. There is no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in versions 1.36.33 and 1.37.33.
FIRST-EPSS: 0.104040000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
MSF/exploit_linux/http/vinchin_backup_recovery_cmd_inject
DESCRIPTION: Exploit Observer has 1 entry related to MSF/exploit_linux/http/vinchin_backup_recovery_cmd_inject. This module exploits a command injection vulnerability in Vinchin Backup
#ExploitObserverAlert
CVE-2018-8823
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2018-8823. modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal Vertical Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary PHP code via the code parameter.
FIRST-EPSS: 0.026270000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
PD/http/cves/2018/CVE-2018-8823
DESCRIPTION: Exploit Observer has 3 entries related to PD/http/cves/2018/CVE-2018-8823. The 'Responsive Mega Menu' module for PrestaShop is prone to a remote code execution and SQL injection vulnerability. modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal Vertical Dropdown) Pro module 1.0.32 for PrestaShop allows remote attackers to execute an SQL injection or remote code execution through function calls in the code parameter.
#ExploitObserverAlert
PD/http/cves/2022/CVE-2022-0087
DESCRIPTION: Exploit Observer has 3 entries related to PD/http/cves/2022/CVE-2022-0087. On the login page, there is a "from=" parameter in URL which is vulnerable to open redirect and can be escalated to reflected XSS.
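The entry above describes the usual way a login-page "from=" style parameter goes wrong: it is used as a post-login redirect target without validation, which gives an open redirect, and once a scheme such as javascript: is accepted and the value is echoed into the page, the same parameter becomes reflected XSS. The following is an added example, not keystone's code and not the Nuclei template's logic; the parameter name, the handler and the test cases are constructed to show the check a practitioner would put in front of such a parameter.

```python
from urllib.parse import unquote, urlsplit


def safe_return_path(value, default="/"):
    """Accept a post-login 'from='-style value only as an absolute, same-origin
    path; otherwise fall back to `default`.

    Rejects absolute URLs and protocol-relative '//host' forms (open redirect)
    and any value carrying a scheme such as javascript:, which is what turns an
    echoed redirect target into reflected XSS. Checks run on the percent-decoded
    form so '%2F%2Fhost' is caught, while the original string is what is returned.
    """
    if not isinstance(value, str) or not value:
        return default
    decoded = unquote(value)
    # Control characters, whitespace and backslashes are parsed differently by
    # browsers and servers; none belongs in a redirect path, so refuse them.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F or ch.isspace() for ch in decoded):
        return default
    if "\\" in decoded:
        return default
    parts = urlsplit(decoded)
    if parts.scheme or parts.netloc:
        return default
    if not decoded.startswith("/") or decoded.startswith("//"):
        return default
    return value


def build_login_redirect(params, default="/"):
    """Location header value for a hypothetical login handler, given its parsed
    query parameters (the 'from' key is an assumption for illustration)."""
    return safe_return_path(params.get("from"), default)


# Constructed cases: what a hardened login page should do with each value.
CASES = {
    "/dashboard": "/dashboard",
    "/account?tab=billing": "/account?tab=billing",
    "https://attacker.example/": "/",
    "//attacker.example/": "/",
    "/\\attacker.example/": "/",
    "%2F%2Fattacker.example": "/",
    "javascript:alert(document.domain)": "/",
    "dashboard": "/",
    "": "/",
}


if __name__ == "__main__":
    for value, expected in CASES.items():
        got = safe_return_path(value)
        print(f"{value!r:40} -> {got!r}  {'ok' if got == expected else 'MISMATCH'}")
```

Allow-listing an absolute same-origin path is deliberately stricter than trying to block known-bad schemes; the list of things a browser will treat as a scheme or host separator is longer than any deny-list. This check is in addition to output encoding wherever the value is written into HTML, not a substitute for it.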
#ExploitObserverAlert
CVE-2023-41772
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-41772. Win32k Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000480000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-45499
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-45499. VinChin Backup
#ExploitObserverAlert
CVE-2023-45498
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-45498. VinChin Backup
#ExploitObserverAlert
CVE-2018-1133
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2018-1133. An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.
FIRST-EPSS: 0.882660000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
PD/http/vulnerabilities/vbulletin/vbulletin-ajaxreg-sqli
DESCRIPTION: Exploit Observer has 1 entry related to PD/http/vulnerabilities/vbulletin/vbulletin-ajaxreg-sqli. vBulletin versions 3.x and 4.x suffer from an AjaxReg remote blind SQL injection vulnerability.
#ExploitObserverAlert
PD/http/cves/2023/CVE-2023-26035
DESCRIPTION: Exploit Observer has 6 entries related to PD/http/cves/2023/CVE-2023-26035. ZoneMinder is a free, open source closed-circuit television software application for Linux which supports IP, USB and analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to unauthenticated remote code execution via missing authorization. There is no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id.
#ExploitObserverAlert
CVE-2022-0087
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-0087. keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
FIRST-EPSS: 0.000680000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
PD/http/misconfiguration/h2o/h2o-dashboard
DESCRIPTION: Exploit Observer has 1 entry related to PD/http/misconfiguration/h2o/h2o-dashboard. The H2O dashboard has no authentication by default, which can lead to RCE on the host.
#ExploitObserverAlert
CVE-2022-40312
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2022-40312. Server-Side Request Forgery (SSRF) vulnerability in GiveWP – Donation Plugin and Fundraising Platform. This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.1.
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-6802
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-6802. An insertion of sensitive information into the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in versions 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
#ExploitObserverAlert
CVE-2023-2585
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2585. Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access to an existing OAuth client.
#ExploitObserverAlert
CVE-2019-25157
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2019-25157. A vulnerability was found in Ethex Contracts. It has been classified as critical. This affects an unknown part of the file EthexJackpot.sol of the component Monthly Jackpot Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product does not use versioning, which is why information about affected and unaffected releases is unavailable. The patch is named 6b8664b698d3d953e16c284fadc6caeb9e58e3db. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248271.
#ExploitObserverAlert
CVE-2022-22916
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2022-22916. O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke.
FIRST-EPSS: 0.004750000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-22962
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2021-22962. An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.
#ExploitObserverAlert
CVE-2023-45603
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-45603. Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End. This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902.
#ExploitObserverAlert
CVE-2023-29432
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-29432.
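Alerts in this feed arrive as plain-text records: an identifier line (a CVE id, a Metasploit module path under MSF/, or a Nuclei template path under PD/), a DESCRIPTION line, and, for CVE-backed records only, FIRST-EPSS, NVD-IS and NVD-ES lines; records are separated by #ExploitObserverAlert markers and the same record is often emitted twice. The following is an added example, not Exploit Observer's tooling: a parser for this layout that drops verbatim repeats, ranks by EPSS and pulls CVE ids out of template paths so they can be joined to their CVE record. It assumes that FIRST-EPSS is the FIRST.org EPSS probability and that NVD-IS/NVD-ES are the NVD CVSS impact and exploitability subscores; the sample feed is constructed in the feed's layout with shortened descriptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample in the feed's layout. The first alert is repeated verbatim,
# as happens in the real feed, and the PD template entry carries no scores.
SAMPLE_FEED = """#ExploitObserverAlert
CVE-2023-26035
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-26035. ZoneMinder unauthenticated RCE.
FIRST-EPSS: 0.104040000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-26035
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-26035. ZoneMinder unauthenticated RCE.
FIRST-EPSS: 0.104040000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
PD/http/cves/2022/CVE-2022-0087
DESCRIPTION: Exploit Observer has 3 entries related to PD/http/cves/2022/CVE-2022-0087. Open redirect on login.
#ExploitObserverAlert
CVE-2018-1133
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2018-1133. Moodle eval injection.
FIRST-EPSS: 0.882660000
NVD-IS: 5.9
NVD-ES: 2.8
"""

FIELD_RE = re.compile(r"^(DESCRIPTION|FIRST-EPSS|NVD-IS|NVD-ES):\s*(.*)$")
COUNT_RE = re.compile(r"has (\d+) entr(?:y|ies) related to")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


@dataclass
class Alert:
    ident: str
    description: str = ""
    entry_count: Optional[int] = None
    epss: Optional[float] = None            # assumed: FIRST.org EPSS probability
    nvd_impact: Optional[float] = None      # assumed: NVD CVSS impact subscore
    nvd_exploitability: Optional[float] = None  # assumed: NVD exploitability subscore

    def key(self) -> Tuple:
        # Two records are the same alert only if every field matches; a re-issued
        # alert with a new EPSS value is kept as a second record on purpose.
        return (self.ident, self.description, self.epss,
                self.nvd_impact, self.nvd_exploitability)


def parse_feed(text: str) -> List[Alert]:
    alerts: List[Alert] = []
    current: Optional[Alert] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#ExploitObserverAlert":
            continue
        m = FIELD_RE.match(line)
        if m is None:
            # Any non-field line is an identifier that opens a new record.
            current = Alert(ident=line)
            alerts.append(current)
            continue
        if current is None:
            raise ValueError(f"field before any identifier: {line!r}")
        name, value = m.groups()
        if name == "DESCRIPTION":
            current.description = value
            c = COUNT_RE.search(value)
            current.entry_count = int(c.group(1)) if c else None
        elif name == "FIRST-EPSS":
            current.epss = float(value)
        elif name == "NVD-IS":
            current.nvd_impact = float(value)
        else:  # NVD-ES
            current.nvd_exploitability = float(value)
    return alerts


def dedupe(alerts: List[Alert]) -> List[Alert]:
    seen: Set[Tuple] = set()
    unique: List[Alert] = []
    for a in alerts:
        if a.key() not in seen:
            seen.add(a.key())
            unique.append(a)
    return unique


def prioritize(alerts: List[Alert]) -> List[Alert]:
    """Highest EPSS first, ties broken by NVD exploitability. Records with no
    EPSS (module/template paths, unscored CVEs) are appended, not dropped:
    a missing score is not evidence that no exploit exists."""
    scored = [a for a in alerts if a.epss is not None]
    unscored = [a for a in alerts if a.epss is None]
    scored.sort(key=lambda a: (a.epss, a.nvd_exploitability or 0.0), reverse=True)
    return scored + unscored


def cve_ids(alerts: List[Alert]) -> List[str]:
    """CVE ids named anywhere in an identifier, including inside PD/MSF paths."""
    ids: Set[str] = set()
    for a in alerts:
        ids.update(CVE_RE.findall(a.ident))
    return sorted(ids)


if __name__ == "__main__":
    for a in prioritize(dedupe(parse_feed(SAMPLE_FEED))):
        score = a.epss if a.epss is not None else "n/a"
        print(f"{score!s:>12}  {a.ident}  ({a.entry_count} entries)")
```

Dedupe keys on every field rather than on the identifier alone, so a CVE that is re-alerted after its EPSS changes shows up as a new record instead of being silently merged into the old one. Ranking by EPSS puts CVE-2018-1133 (EPSS 0.88) ahead of CVE-2023-26035 (0.10) even though the latter is a newer unauthenticated RCE; whether that ordering suits a given environment is a triage decision, and the NVD subscores are there for a second sort key.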