#ExploitObserverAlert
GHSA-rxh8-p4v2-m8hf
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-RXH8-P4V2-M8HF. The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device.
GHSS: 8.8
GHSA-rxh8-p4v2-m8hf
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-RXH8-P4V2-M8HF. The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device.
GHSS: 8.8
#ExploitObserverAlert
GHSA-fxf5-c62c-5f69
DESCRIPTION: Exploit Observer has 6 entries related to GHSA-FXF5-C62C-5F69. A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.
GHSS: 8.2
GHSA-fxf5-c62c-5f69
DESCRIPTION: Exploit Observer has 6 entries related to GHSA-FXF5-C62C-5F69. A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.
GHSS: 8.2
#ExploitObserverAlert
GHSA-jmj6-p2j9-68cp
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-JMJ6-P2J9-68CP. wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.
GHSS: 7.4
GHSA-jmj6-p2j9-68cp
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-JMJ6-P2J9-68CP. wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.
GHSS: 7.4
#ExploitObserverAlert
GHSA-rg73-99g2-rp3j
DESCRIPTION: Exploit Observer has 4 entries related to GHSA-RG73-99G2-RP3J. Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value.
GHSS: 7.4
GHSA-rg73-99g2-rp3j
DESCRIPTION: Exploit Observer has 4 entries related to GHSA-RG73-99G2-RP3J. Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value.
GHSS: 7.4
#ExploitObserverAlert
GHSA-hhgr-rpp9-9whw
DESCRIPTION: Exploit Observer has 5 entries related to GHSA-HHGR-RPP9-9WHW. SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login details from that file, including the login name and its associated password. Then, the credentials can be used to get database owner access to the SWNetPerfMon.DB database. This gives access to the data collected by SolarWinds applications, and leads to admin access to the applications by inserting or changing authentication data stored in the Accounts table of the database.
GHSA-hhgr-rpp9-9whw
DESCRIPTION: Exploit Observer has 5 entries related to GHSA-HHGR-RPP9-9WHW. SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login details from that file, including the login name and its associated password. Then, the credentials can be used to get database owner access to the SWNetPerfMon.DB database. This gives access to the data collected by SolarWinds applications, and leads to admin access to the applications by inserting or changing authentication data stored in the Accounts table of the database.
#ExploitObserverAlert
CVE-2023-26035
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-26035. ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.
FIRST-EPSS: 0.104040000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-26035
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-26035. ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.
FIRST-EPSS: 0.104040000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-f9fq-vjvh-779p
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-F9FQ-VJVH-779P. HashiCorp vault-ssh-helper (github.com/hashicorp/vault-ssh-helper/helper) up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0.
GHSS: 7.5
GHSA-f9fq-vjvh-779p
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-F9FQ-VJVH-779P. HashiCorp vault-ssh-helper (github.com/hashicorp/vault-ssh-helper/helper) up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0.
GHSS: 7.5
#ExploitObserverAlert
CVE-2023-4641
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4641. A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.
CVE-2023-4641
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4641. A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.
#ExploitObserverAlert
CVE-2023-29017
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2023-29017. vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to `Error.prepareStackTrace` in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.15 of vm2. There are no known workarounds.
FIRST-EPSS: 0.008130000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-29017
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2023-29017. vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to `Error.prepareStackTrace` in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.15 of vm2. There are no known workarounds.
FIRST-EPSS: 0.008130000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-x3f3-j7qh-9wgj
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-X3F3-J7QH-9WGJ. An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.
GHSS: 8.8
GHSA-x3f3-j7qh-9wgj
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-X3F3-J7QH-9WGJ. An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.
GHSS: 8.8
#ExploitObserverAlert
GHSA-fr6x-48qq-2px8
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-FR6X-48QQ-2PX8. A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This issue affects some unknown processing in the library ftwebcam.sys of the component Global Variable Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222359.
GHSS: 5.5
GHSA-fr6x-48qq-2px8
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-FR6X-48QQ-2PX8. A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This issue affects some unknown processing in the library ftwebcam.sys of the component Global Variable Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222359.
GHSS: 5.5
#ExploitObserverAlert
GHSA-hcxx-mp6g-6gr9
DESCRIPTION: Exploit Observer has 4 entries related to GHSA-HCXX-MP6G-6GR9. The issue was mostly mitigated before, drastically reducing the risk. See references below for more information.
GHSS: 7.5
GHSA-hcxx-mp6g-6gr9
DESCRIPTION: Exploit Observer has 4 entries related to GHSA-HCXX-MP6G-6GR9. The issue was mostly mitigated before, drastically reducing the risk. See references below for more information.
GHSS: 7.5
#ExploitObserverAlert
GHSA-f8jp-2qgx-v4hf
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-F8JP-2QGX-V4HF. Transient DOS in Modem while allocating DSM items.
GHSS: 7.5
GHSA-f8jp-2qgx-v4hf
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-F8JP-2QGX-V4HF. Transient DOS in Modem while allocating DSM items.
GHSS: 7.5
#ExploitObserverAlert
CVE-2023-49000
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-49000. An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component.
CVE-2023-49000
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-49000. An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component.
#ExploitObserverAlert
GHSA-fqpq-36q8-xc95
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-FQPQ-36Q8-XC95. The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file from the server even when they should not be able to (for example in multisite)
GHSS: 4.9
GHSA-fqpq-36q8-xc95
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-FQPQ-36Q8-XC95. The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file from the server even when they should not be able to (for example in multisite)
GHSS: 4.9
#ExploitObserverAlert
GHSA-fj3m-2r8f-m4x9
DESCRIPTION: Exploit Observer has 6 entries related to GHSA-FJ3M-2R8F-M4X9. A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
GHSS: 5.5
GHSA-fj3m-2r8f-m4x9
DESCRIPTION: Exploit Observer has 6 entries related to GHSA-FJ3M-2R8F-M4X9. A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
GHSS: 5.5
#ExploitObserverAlert
GHSA-f244-f9fc-w6fq
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-F244-F9FC-W6FQ. Multiple Jenkins plugins do not properly mask (i.e., replace with asterisks) credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met:
GHSS: 4.3
GHSA-f244-f9fc-w6fq
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-F244-F9FC-W6FQ. Multiple Jenkins plugins do not properly mask (i.e., replace with asterisks) credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met:
GHSS: 4.3
#ExploitObserverAlert
GHSA-ghjr-v93q-vx27
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-GHJR-V93Q-VX27. In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder (with the default permission model) can extend his permissions to all other password lists in the same folder.
GHSS: 6.5
GHSA-ghjr-v93q-vx27
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-GHJR-V93Q-VX27. In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder (with the default permission model) can extend his permissions to all other password lists in the same folder.
GHSS: 6.5
#ExploitObserverAlert
CVE-2023-6893
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-6893. A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic. Affected by this issue is some unknown functionality of the file /php/exportrecord.php. The manipulation of the argument downname with the input C:\ICPAS\Wnmp\WWW\php\conversion.php leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248252.
FIRST-EPSS: 0.000450000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-6893
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-6893. A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic. Affected by this issue is some unknown functionality of the file /php/exportrecord.php. The manipulation of the argument downname with the input C:\ICPAS\Wnmp\WWW\php\conversion.php leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248252.
FIRST-EPSS: 0.000450000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-30179
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-30179. Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java Reflection API to make the final call. The signature for the $invoke or $invokeAsync methods is Ljava/lang/String;[Ljava/lang/String;[Ljava/lang/Object; where the first argument is the name of the method to invoke, the second one is an array with the parameter types for the method being invoked and the third one is an array with the actual call arguments. In addition, the caller also needs to set an RPC attachment specifying that the call is a generic call and how to decode the arguments. The possible values are: - true - raw.return - nativejava - bean - protobuf-json An attacker can control this RPC attachment and set it to nativejava to force the java deserialization of the byte array located in the third argument.
FIRST-EPSS: 0.056840000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-30179
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-30179. Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java Reflection API to make the final call. The signature for the $invoke or $invokeAsync methods is Ljava/lang/String;[Ljava/lang/String;[Ljava/lang/Object; where the first argument is the name of the method to invoke, the second one is an array with the parameter types for the method being invoked and the third one is an array with the actual call arguments. In addition, the caller also needs to set an RPC attachment specifying that the call is a generic call and how to decode the arguments. The possible values are: - true - raw.return - nativejava - bean - protobuf-json An attacker can control this RPC attachment and set it to nativejava to force the java deserialization of the byte array located in the third argument.
FIRST-EPSS: 0.056840000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-51771
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-51771. In MicroHttpServer (aka Micro HTTP Server) through a8ab029, _ParseHeader in lib/server.c allows a one-byte recv buffer overflow via a long URI.
CVE-2023-51771
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-51771. In MicroHttpServer (aka Micro HTTP Server) through a8ab029, _ParseHeader in lib/server.c allows a one-byte recv buffer overflow via a long URI.