#ExploitObserverAlert
CVE-2023-26035
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-26035. ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.
FIRST-EPSS: 0.104040000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-26035
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-26035. ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.
FIRST-EPSS: 0.104040000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-39822
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-39822. In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation.
CVE-2022-39822
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-39822. In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation.
#ExploitObserverAlert
CVE-2016-15036
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2016-15036. ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.3 is able to address this issue. The patch is named 31fe3bccbdde134a185752e53380330d16053f7f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248847. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2016-15036
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2016-15036. ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.3 is able to address this issue. The patch is named 31fe3bccbdde134a185752e53380330d16053f7f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248847. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
#ExploitObserverAlert
CVE-2022-41760
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-41760. An issue was discovered in NOKIA NFM-T R19.9. Relative Path Traversal can occur under /oms1350/data/cpb/log of the Network Element Manager via the filename parameter, allowing a remote authenticated attacker to read arbitrary files.
CVE-2022-41760
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-41760. An issue was discovered in NOKIA NFM-T R19.9. Relative Path Traversal can occur under /oms1350/data/cpb/log of the Network Element Manager via the filename parameter, allowing a remote authenticated attacker to read arbitrary files.
#ExploitObserverAlert
CVE-2023-49954
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-49954. The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address.
CVE-2023-49954
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-49954. The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address.
#ExploitObserverAlert
CVE-2022-41762
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-41762. An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl.
CVE-2022-41762
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-41762. An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl.
#ExploitObserverAlert
PD/http/cves/2015/CVE-2015-2794
DESCRIPTION: Exploit Observer has 10 entries related to PD/http/cves/2015/CVE-2015-2794. The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.
PD/http/cves/2015/CVE-2015-2794
DESCRIPTION: Exploit Observer has 10 entries related to PD/http/cves/2015/CVE-2015-2794. The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.
#ExploitObserverAlert
CVE-2023-24955
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-24955. Microsoft SharePoint Server Remote Code Execution Vulnerability
FIRST-EPSS: 0.359560000
NVD-IS: 5.9
NVD-ES: 1.2
CVE-2023-24955
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-24955. Microsoft SharePoint Server Remote Code Execution Vulnerability
FIRST-EPSS: 0.359560000
NVD-IS: 5.9
NVD-ES: 1.2
#ExploitObserverAlert
PD/http/cves/2023/CVE-2023-42343
DESCRIPTION: Exploit Observer has 1 entries related to PD/http/cves/2023/CVE-2023-42343. OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability.
PD/http/cves/2023/CVE-2023-42343
DESCRIPTION: Exploit Observer has 1 entries related to PD/http/cves/2023/CVE-2023-42343. OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability.
#ExploitObserverAlert
GHSA-rxg7-fjph-p5j8
DESCRIPTION: Exploit Observer has 4 entries related to GHSA-RXG7-FJPH-P5J8. Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges.
GHSS: 7.8
GHSA-rxg7-fjph-p5j8
DESCRIPTION: Exploit Observer has 4 entries related to GHSA-RXG7-FJPH-P5J8. Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges.
GHSS: 7.8
#ExploitObserverAlert
CVE-2018-17552
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2018-17552. SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie.
FIRST-EPSS: 0.296770000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2018-17552
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2018-17552. SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie.
FIRST-EPSS: 0.296770000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-49003
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-49003. An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access restrictions via interaction with com.simplemobiletools.dialer.activities.DialerActivity.
CVE-2023-49003
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-49003. An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access restrictions via interaction with com.simplemobiletools.dialer.activities.DialerActivity.
#ExploitObserverAlert
GHSA-cq97-7vrx-7chg
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-CQ97-7VRX-7CHG. A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
GHSS: 8.8
GHSA-cq97-7vrx-7chg
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-CQ97-7VRX-7CHG. A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
GHSS: 8.8
#ExploitObserverAlert
CVE-2023-49001
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-49001. An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component.
CVE-2023-49001
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-49001. An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component.
#ExploitObserverAlert
GHSA-f5vv-hcgf-xvxq
DESCRIPTION: Exploit Observer has 5 entries related to GHSA-F5VV-HCGF-XVXQ. Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE).
GHSA-f5vv-hcgf-xvxq
DESCRIPTION: Exploit Observer has 5 entries related to GHSA-F5VV-HCGF-XVXQ. Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE).
#ExploitObserverAlert
CVE-2023-40038
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-40038. Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit.)
CVE-2023-40038
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-40038. Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit.)
#ExploitObserverAlert
GHSA-fjc9-jw7g-7732
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-FJC9-JW7G-7732. In International Color Consortium DemoIccMAX 79ecb74, there is an out-of-bounds read in the CIccPRMG::GetChroma function in IccProfLib/IccPrmg.cpp in libSampleICC.a.
GHSS: 7.8
GHSA-fjc9-jw7g-7732
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-FJC9-JW7G-7732. In International Color Consortium DemoIccMAX 79ecb74, there is an out-of-bounds read in the CIccPRMG::GetChroma function in IccProfLib/IccPrmg.cpp in libSampleICC.a.
GHSS: 7.8
#ExploitObserverAlert
GHSA-gcq4-64v6-p5pv
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-GCQ4-64V6-P5PV. Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page.
GHSS: 5.4
GHSA-gcq4-64v6-p5pv
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-GCQ4-64V6-P5PV. Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page.
GHSS: 5.4
#ExploitObserverAlert
GHSA-rp8v-59gg-c7h6
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-RP8V-59GG-C7H6. Transient DOS due to reachable assertion in Modem during OSI decode scheduling.
GHSS: 7.5
GHSA-rp8v-59gg-c7h6
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-RP8V-59GG-C7H6. Transient DOS due to reachable assertion in Modem during OSI decode scheduling.
GHSS: 7.5
#ExploitObserverAlert
CVE-2023-43481
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-43481. An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component.
CVE-2023-43481
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-43481. An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component.
#ExploitObserverAlert
GHSA-cvg5-hjh8-246x
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-CVG5-HJH8-246X. Improper condition check in some Intel(R) SPS firmware before version SPS_E3_06.00.03.300.0 may allow a privileged user to potentially enable denial of service via local access.
GHSS: 4.4
GHSA-cvg5-hjh8-246x
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-CVG5-HJH8-246X. Improper condition check in some Intel(R) SPS firmware before version SPS_E3_06.00.03.300.0 may allow a privileged user to potentially enable denial of service via local access.
GHSS: 4.4