#ExploitObserverAlert
CVE-2023-51448
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-51448. Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `‘managers.php’`. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint `‘/cacti/managers.php’` with an SQLi payload in the `‘selected_graphs_array’` HTTP GET parameter. As of time of publication, no patched versions exist.
CVE-2023-51448
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-51448. Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `‘managers.php’`. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint `‘/cacti/managers.php’` with an SQLi payload in the `‘selected_graphs_array’` HTTP GET parameter. As of time of publication, no patched versions exist.
#ExploitObserverAlert
GHSA-xvpp-hhff-gp7v
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-XVPP-HHFF-GP7V. In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters.
GHSS: 9.1
GHSA-xvpp-hhff-gp7v
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-XVPP-HHFF-GP7V. In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters.
GHSS: 9.1
#ExploitObserverAlert
CVE-2022-34267
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-34267. An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.
CVE-2022-34267
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-34267. An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.
#ExploitObserverAlert
CVE-2020-26048
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-26048. The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution.
FIRST-EPSS: 0.002900000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2020-26048
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-26048. The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution.
FIRST-EPSS: 0.002900000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-36779
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-36779. PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection Proscend M330-w / M33-W5 / M350-5G / M350-W5G / M350-6 / M350-W6 / M301-G / M301-GW ADVICE ICR 111WG / https://www.proscend.com/en/category/industrial-Cellular-Router/industrial-Cellular-Router.html https://cdn.shopify.com/s/files/1/0036/9413/3297/files/ADVICE_Industrial_4G_LTE_Cellular_Router_ICR111WG.pdf?v=1620814301
FIRST-EPSS: 0.001420000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-36779
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-36779. PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection Proscend M330-w / M33-W5 / M350-5G / M350-W5G / M350-6 / M350-W6 / M301-G / M301-GW ADVICE ICR 111WG / https://www.proscend.com/en/category/industrial-Cellular-Router/industrial-Cellular-Router.html https://cdn.shopify.com/s/files/1/0036/9413/3297/files/ADVICE_Industrial_4G_LTE_Cellular_Router_ICR111WG.pdf?v=1620814301
FIRST-EPSS: 0.001420000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-32725
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-32725. The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-32725
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-32725. The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-38927
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-38927. IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210322.
CVE-2021-38927
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-38927. IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210322.
#ExploitObserverAlert
CVE-2023-49119
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-49119. Stored cross-site scripting vulnerability via the img tags exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
CVE-2023-49119
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-49119. Stored cross-site scripting vulnerability via the img tags exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
#ExploitObserverAlert
CVE-2023-43177
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-43177. CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.
FIRST-EPSS: 0.009730000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-43177
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-43177. CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.
FIRST-EPSS: 0.009730000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-39820
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-39820. In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /root or /DEPOT, is able to read cleartext credentials to access the web portal NFM-T and control all the PPS Network elements.
CVE-2022-39820
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-39820. In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /root or /DEPOT, is able to read cleartext credentials to access the web portal NFM-T and control all the PPS Network elements.
#ExploitObserverAlert
CVE-2023-46574
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-46574. An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function.
FIRST-EPSS: 0.002230000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-46574
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-46574. An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function.
FIRST-EPSS: 0.002230000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-6895
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-6895. A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000460000
CVE-2023-6895
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-6895. A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000460000
#ExploitObserverAlert
CVE-2023-35885
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2023-35885. CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.
FIRST-EPSS: 0.022660000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-35885
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2023-35885. CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.
FIRST-EPSS: 0.022660000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-51771
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-51771. In MicroHttpServer (aka Micro HTTP Server) through a8ab029, _ParseHeader in lib/server.c allows a one-byte recv buffer overflow via a long URI.
CVE-2023-51771
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-51771. In MicroHttpServer (aka Micro HTTP Server) through a8ab029, _ParseHeader in lib/server.c allows a one-byte recv buffer overflow via a long URI.
#ExploitObserverAlert
CVE-2019-16784
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2019-16784. In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a privileged user (at least more than the current one) which have his "TempPath" resolving to a world writable directory. This is the case for example if the software is launched as a service or as a scheduled task using a system account (TempPath will be C:\Windows\Temp). In order to be exploitable the software has to be (re)started after the attacker launch the exploit program, so for a service launched at startup, a service restart is needed (e.g. after a crash or an upgrade).
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2019-16784
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2019-16784. In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a privileged user (at least more than the current one) which have his "TempPath" resolving to a world writable directory. This is the case for example if the software is launched as a service or as a scheduled task using a system account (TempPath will be C:\Windows\Temp). In order to be exploitable the software has to be (re)started after the attacker launch the exploit program, so for a service launched at startup, a service restart is needed (e.g. after a crash or an upgrade).
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2022-34268
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-34268. An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host.
CVE-2022-34268
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-34268. An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host.
#ExploitObserverAlert
CVE-2023-6710
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-6710. A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page. The impact of this vulnerability is considered as Low, as the cluster_manager URL should not be exposed outside and is protected by user/password.
FIRST-EPSS: 0.000430000
NVD-IS: 2.7
NVD-ES: 2.3
CVE-2023-6710
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-6710. A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page. The impact of this vulnerability is considered as Low, as the cluster_manager URL should not be exposed outside and is protected by user/password.
FIRST-EPSS: 0.000430000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2022-39818
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-39818. In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands, with root privileges, on the operating system.
CVE-2022-39818
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-39818. In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands, with root privileges, on the operating system.
#ExploitObserverAlert
CVE-2023-26035
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-26035. ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.
FIRST-EPSS: 0.104040000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-26035
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-26035. ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.
FIRST-EPSS: 0.104040000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-39822
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-39822. In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation.
CVE-2022-39822
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-39822. In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation.
#ExploitObserverAlert
CVE-2016-15036
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2016-15036. ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.3 is able to address this issue. The patch is named 31fe3bccbdde134a185752e53380330d16053f7f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248847. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2016-15036
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2016-15036. ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.3 is able to address this issue. The patch is named 31fe3bccbdde134a185752e53380330d16053f7f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248847. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.