#ExploitObserverAlert
PD/http/cves/2023/CVE-2023-42343
DESCRIPTION: Exploit Observer has 1 entry related to PD/http/cves/2023/CVE-2023-42343. OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting.
#ExploitObserverAlert
GHSA-rxg7-fjph-p5j8
DESCRIPTION: Exploit Observer has 4 entries related to GHSA-RXG7-FJPH-P5J8. Synaman v5.1 and below was discovered to contain weak file permissions which allow authenticated attackers to escalate privileges.
GHSS: 7.8
#ExploitObserverAlert
CVE-2018-17552
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2018-17552. SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie.
FIRST-EPSS: 0.296770000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-49003
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-49003. An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access restrictions via interaction with com.simplemobiletools.dialer.activities.DialerActivity.
#ExploitObserverAlert
GHSA-cq97-7vrx-7chg
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-CQ97-7VRX-7CHG. A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
GHSS: 8.8
#ExploitObserverAlert
CVE-2023-49001
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-49001. An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component.
#ExploitObserverAlert
GHSA-f5vv-hcgf-xvxq
DESCRIPTION: Exploit Observer has 5 entries related to GHSA-F5VV-HCGF-XVXQ. Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE).
#ExploitObserverAlert
CVE-2023-40038
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-40038. Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit.)
#ExploitObserverAlert
GHSA-fjc9-jw7g-7732
DESCRIPTION: Exploit Observer has 1 entry related to GHSA-FJC9-JW7G-7732. In International Color Consortium DemoIccMAX 79ecb74, there is an out-of-bounds read in the CIccPRMG::GetChroma function in IccProfLib/IccPrmg.cpp in libSampleICC.a.
GHSS: 7.8
#ExploitObserverAlert
GHSA-gcq4-64v6-p5pv
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-GCQ4-64V6-P5PV. Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the status_logs_filter_dynamic.php page.
GHSS: 5.4
#ExploitObserverAlert
GHSA-rp8v-59gg-c7h6
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-RP8V-59GG-C7H6. Transient DOS due to reachable assertion in Modem during OSI decode scheduling.
GHSS: 7.5
#ExploitObserverAlert
CVE-2023-43481
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-43481. An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component.
#ExploitObserverAlert
GHSA-cvg5-hjh8-246x
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-CVG5-HJH8-246X. Improper condition check in some Intel(R) SPS firmware before version SPS_E3_06.00.03.300.0 may allow a privileged user to potentially enable denial of service via local access.
GHSS: 4.4
#ExploitObserverAlert
GHSA-wf33-pghc-9qmj
DESCRIPTION: Exploit Observer has 4 entries related to GHSA-WF33-PGHC-9QMJ. Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to trigger the creation of demonstration data, including user accounts with known credentials.
GHSS: 7.1
#ExploitObserverAlert
CVE-2022-45688
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2022-45688. A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
FIRST-EPSS: 0.000530000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-fggx-frxq-cpx8
DESCRIPTION: Exploit Observer has 1 entry related to GHSA-FGGX-FRXQ-CPX8. Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
GHSS: 8.8
#ExploitObserverAlert
GHSA-crfc-rr25-6wf2
DESCRIPTION: Exploit Observer has 7 entries related to GHSA-CRFC-RR25-6WF2. In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174302683
GHSS: 5.5
#ExploitObserverAlert
CVE-2023-49002
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-49002. An issue in Xenom Technologies (sinous) Phone Dialer-voice Call Dialer v.1.2.5 allows an attacker to bypass intended access restrictions via interaction with com.funprime.calldialer.ui.activities.OutgoingActivity.
#ExploitObserverAlert
GHSA-w689-557m-2cvq
DESCRIPTION: Exploit Observer has 4 entries related to GHSA-W689-557M-2CVQ. The malicious user is able to discover services in the internal network through webhook functionality. All installations accepting public traffic are affected.
GHSS: 8.3
#ExploitObserverAlert
GHSA-rrwx-6mf8-vc3j
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-RRWX-6MF8-VC3J. Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP-NG v2.1 in modules/pico_fragments.c in function pico_fragments_reassemble, allows attackers to execute arbitrary code.
GHSS: 9.8
#ExploitObserverAlert
GHSA-h5mv-fv98-gqmq
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-H5MV-FV98-GQMQ. A form validation endpoint in Play Framework Plugin executes the play command to validate a given input file.
GHSS: 8.8