#ExploitObserverAlert
CVE-2023-26255
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-26255. An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu
CVE-2023-26255
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-26255. An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu
#ExploitObserverAlert
CVE-2020-0638
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2020-0638. An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'.
FIRST-EPSS: 0.000690000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2020-0638
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2020-0638. An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'.
FIRST-EPSS: 0.000690000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-48309
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-48309. NextAuth.js provides authentication for Next.js. `next-auth` applications prior to version 4.24.5 that rely on the default Middleware authorization are affected by a vulnerability. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth sign-in flow (state, PKCE or nonce). Manually overriding the `next-auth.session-token` cookie value with this non-related JWT would let the user simulate a logged in user, albeit having no user information associated with it. (The only property on this user is an opaque randomly generated string). This vulnerability does not give access to other users' data, neither to resources that require proper authorization via scopes or other means. The created mock user has no information associated with it (ie. no name, email, access_token, etc.) This vulnerability can be exploited by bad actors to peek at logged in user states (e.g. dashboard layout). `next-auth` `v4.24.5` contains a patch for the vulnerability. As a workaround, using a custom authorization callback for Middleware, developers can manually do a basic authentication.
FIRST-EPSS: 0.000630000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2023-48309
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-48309. NextAuth.js provides authentication for Next.js. `next-auth` applications prior to version 4.24.5 that rely on the default Middleware authorization are affected by a vulnerability. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth sign-in flow (state, PKCE or nonce). Manually overriding the `next-auth.session-token` cookie value with this non-related JWT would let the user simulate a logged in user, albeit having no user information associated with it. (The only property on this user is an opaque randomly generated string). This vulnerability does not give access to other users' data, neither to resources that require proper authorization via scopes or other means. The created mock user has no information associated with it (ie. no name, email, access_token, etc.) This vulnerability can be exploited by bad actors to peek at logged in user states (e.g. dashboard layout). `next-auth` `v4.24.5` contains a patch for the vulnerability. As a workaround, using a custom authorization callback for Middleware, developers can manually do a basic authentication.
FIRST-EPSS: 0.000630000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-43675
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-43675. An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all parameters.
CVE-2022-43675
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-43675. An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all parameters.
#ExploitObserverAlert
CVE-2023-50339
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-50339. Stored cross-site scripting vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.1.11. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
CVE-2023-50339
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-50339. Stored cross-site scripting vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.1.11. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
#ExploitObserverAlert
CVE-2023-50332
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-50332. Improper authorization vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.0.6. If this vulnerability is exploited, a user may delete or suspend its own account without the user's intention.
CVE-2023-50332
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-50332. Improper authorization vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.0.6. If this vulnerability is exploited, a user may delete or suspend its own account without the user's intention.
#ExploitObserverAlert
CVE-2023-50175
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-50175. Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page, the Markdown Settings (/admin/markdown) page, and the Customize (/admin/customize) page of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
CVE-2023-50175
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-50175. Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page, the Markdown Settings (/admin/markdown) page, and the Customize (/admin/customize) page of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
#ExploitObserverAlert
CVE-2023-51448
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-51448. Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `‘managers.php’`. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint `‘/cacti/managers.php’` with an SQLi payload in the `‘selected_graphs_array’` HTTP GET parameter. As of time of publication, no patched versions exist.
CVE-2023-51448
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-51448. Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `‘managers.php’`. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint `‘/cacti/managers.php’` with an SQLi payload in the `‘selected_graphs_array’` HTTP GET parameter. As of time of publication, no patched versions exist.
#ExploitObserverAlert
GHSA-xvpp-hhff-gp7v
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-XVPP-HHFF-GP7V. In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters.
GHSS: 9.1
GHSA-xvpp-hhff-gp7v
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-XVPP-HHFF-GP7V. In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters.
GHSS: 9.1
#ExploitObserverAlert
CVE-2022-34267
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-34267. An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.
CVE-2022-34267
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-34267. An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.
#ExploitObserverAlert
CVE-2020-26048
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-26048. The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution.
FIRST-EPSS: 0.002900000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2020-26048
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-26048. The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution.
FIRST-EPSS: 0.002900000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-36779
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-36779. PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection Proscend M330-w / M33-W5 / M350-5G / M350-W5G / M350-6 / M350-W6 / M301-G / M301-GW ADVICE ICR 111WG / https://www.proscend.com/en/category/industrial-Cellular-Router/industrial-Cellular-Router.html https://cdn.shopify.com/s/files/1/0036/9413/3297/files/ADVICE_Industrial_4G_LTE_Cellular_Router_ICR111WG.pdf?v=1620814301
FIRST-EPSS: 0.001420000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-36779
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-36779. PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection Proscend M330-w / M33-W5 / M350-5G / M350-W5G / M350-6 / M350-W6 / M301-G / M301-GW ADVICE ICR 111WG / https://www.proscend.com/en/category/industrial-Cellular-Router/industrial-Cellular-Router.html https://cdn.shopify.com/s/files/1/0036/9413/3297/files/ADVICE_Industrial_4G_LTE_Cellular_Router_ICR111WG.pdf?v=1620814301
FIRST-EPSS: 0.001420000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-32725
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-32725. The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-32725
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-32725. The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-38927
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-38927. IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210322.
CVE-2021-38927
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-38927. IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210322.
#ExploitObserverAlert
CVE-2023-49119
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-49119. Stored cross-site scripting vulnerability via the img tags exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
CVE-2023-49119
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-49119. Stored cross-site scripting vulnerability via the img tags exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
#ExploitObserverAlert
CVE-2023-43177
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-43177. CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.
FIRST-EPSS: 0.009730000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-43177
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-43177. CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.
FIRST-EPSS: 0.009730000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-39820
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-39820. In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /root or /DEPOT, is able to read cleartext credentials to access the web portal NFM-T and control all the PPS Network elements.
CVE-2022-39820
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-39820. In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /root or /DEPOT, is able to read cleartext credentials to access the web portal NFM-T and control all the PPS Network elements.
#ExploitObserverAlert
CVE-2023-46574
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-46574. An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function.
FIRST-EPSS: 0.002230000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-46574
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-46574. An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function.
FIRST-EPSS: 0.002230000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-6895
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-6895. A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000460000
CVE-2023-6895
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-6895. A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000460000
#ExploitObserverAlert
CVE-2023-35885
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2023-35885. CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.
FIRST-EPSS: 0.022660000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-35885
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2023-35885. CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.
FIRST-EPSS: 0.022660000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-51771
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-51771. In MicroHttpServer (aka Micro HTTP Server) through a8ab029, _ParseHeader in lib/server.c allows a one-byte recv buffer overflow via a long URI.
CVE-2023-51771
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-51771. In MicroHttpServer (aka Micro HTTP Server) through a8ab029, _ParseHeader in lib/server.c allows a one-byte recv buffer overflow via a long URI.