#ExploitObserverAlert
CVE-2023-49000
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-49000. An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component.
#ExploitObserverAlert
GHSA-fqpq-36q8-xc95
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-FQPQ-36Q8-XC95. The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate the user input used to build a filesystem path, allowing high-privilege users such as admin to download arbitrary files from the server even when they should not be able to (for example in a multisite installation).
GHSS: 4.9
#ExploitObserverAlert
GHSA-fj3m-2r8f-m4x9
DESCRIPTION: Exploit Observer has 6 entries related to GHSA-FJ3M-2R8F-M4X9. A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
GHSS: 5.5
#ExploitObserverAlert
GHSA-f244-f9fc-w6fq
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-F244-F9FC-W6FQ. Multiple Jenkins plugins do not properly mask (i.e., replace with asterisks) credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met:
GHSS: 4.3
#ExploitObserverAlert
GHSA-ghjr-v93q-vx27
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-GHJR-V93Q-VX27. In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a password list can gain access to additional password lists without permission. Specifically, an authenticated user who has write permissions to a password list in one folder (with the default permission model) can extend their permissions to all other password lists in the same folder.
GHSS: 6.5
#ExploitObserverAlert
CVE-2023-6893
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-6893. A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic. Affected by this issue is some unknown functionality of the file /php/exportrecord.php. The manipulation of the argument downname with the input C:\ICPAS\Wnmp\WWW\php\conversion.php leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 addresses this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248252.
FIRST-EPSS: 0.000450000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-30179
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-30179. Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter, which finds the service and method named in the first arguments of the invocation and uses the Java Reflection API to make the final call. The signature of the $invoke and $invokeAsync methods is Ljava/lang/String;[Ljava/lang/String;[Ljava/lang/Object;, where the first argument is the name of the method to invoke, the second is an array of parameter types for that method, and the third is an array with the actual call arguments. In addition, the caller must set an RPC attachment specifying that the call is a generic call and how the arguments are to be decoded. The possible values are: true, raw.return, nativejava, bean and protobuf-json. An attacker controls this RPC attachment and can set it to nativejava to force Java deserialization of the byte array located in the third argument.
FIRST-EPSS: 0.056840000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-51771
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-51771. In MicroHttpServer (aka Micro HTTP Server) through a8ab029, _ParseHeader in lib/server.c allows a one-byte recv buffer overflow via a long URI.
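The advisory above names the bug class (a one-byte overrun of the recv buffer while parsing a long URI) without showing the code shape. The following is an added illustration, not MicroHttpServer's own code or a reproduction of its _ParseHeader: it puts the classic vulnerable pattern (recv() fills the whole buffer, then the NUL terminator is written at buf[n]) beside a bounds-checked request-line reader. recv() is replaced by an in-memory fake so it runs offline; LINE_BUF, the fake socket and the request lines are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Added example, not MicroHttpServer's code. LINE_BUF is an assumed size,
 * kept small so the over-long case is easy to trigger. */
#define LINE_BUF 32

typedef struct { const char *data; size_t len, pos; } fake_sock;

/* Mimics recv(): delivers up to n bytes from the fake socket, returns the count. */
ssize_t fake_recv(fake_sock *s, char *buf, size_t n) {
    size_t avail = s->len - s->pos;
    size_t take = avail < n ? avail : n;
    memcpy(buf, s->data + s->pos, take);
    s->pos += take;
    return (ssize_t)take;
}

/* Vulnerable shape: recv(buf, sizeof buf) and then buf[n] = '\0'. A URI long
 * enough to fill the buffer gives n == bufsz, so the terminator lands one
 * byte past the end. Instead of performing that write (undefined behaviour)
 * this returns the index it would use: a result equal to bufsz is the bug. */
size_t unsafe_terminator_index(fake_sock *s, char *buf, size_t bufsz) {
    ssize_t n = fake_recv(s, buf, bufsz);
    return n < 0 ? 0 : (size_t)n;
}

/* Hardened shape: read at most bufsz-1 bytes so the terminator always fits,
 * and reject a request line with no CRLF inside the buffer (an over-long
 * URI) instead of truncating it, since a truncated URI silently changes
 * which resource is served. Copies the URI into uri and returns its length,
 * or -1 for malformed or over-long input. */
int read_request_uri(fake_sock *s, char *buf, size_t bufsz, char *uri, size_t urisz) {
    if (bufsz < 2 || urisz < 2)
        return -1;
    ssize_t n = fake_recv(s, buf, bufsz - 1);
    if (n <= 0)
        return -1;
    buf[n] = '\0';                      /* n <= bufsz-1: always in bounds */
    char *eol = strstr(buf, "\r\n");
    if (!eol)
        return -1;                      /* no line end within buffer: too long */
    *eol = '\0';
    char *sp1 = strchr(buf, ' ');       /* request line: "METHOD SP URI SP VERSION" */
    if (!sp1)
        return -1;
    char *sp2 = strchr(sp1 + 1, ' ');
    if (!sp2)
        return -1;
    size_t ulen = (size_t)(sp2 - (sp1 + 1));
    if (ulen == 0 || ulen >= urisz)
        return -1;
    memcpy(uri, sp1 + 1, ulen);
    uri[ulen] = '\0';
    return (int)ulen;
}

/* Constructed request line whose URI does not fit in LINE_BUF. */
static const char REQ_LONG[] =
    "GET /aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa HTTP/1.1\r\n";

/* Feed REQ_LONG to the vulnerable shape; returns the would-be terminator index. */
size_t demo_unsafe_index(void) {
    char buf[LINE_BUF];
    fake_sock s = { REQ_LONG, sizeof REQ_LONG - 1, 0 };
    return unsafe_terminator_index(&s, buf, sizeof buf);
}

/* Feed a request to the hardened reader; returns the URI length or -1. */
int demo_safe_uri_len(const char *req) {
    char buf[LINE_BUF], uri[LINE_BUF];
    fake_sock s = { req, strlen(req), 0 };
    return read_request_uri(&s, buf, sizeof buf, uri, sizeof uri);
}

/* Same, but reports whether the extracted URI equals expected (1) or not (0). */
int demo_uri_equals(const char *req, const char *expected) {
    char buf[LINE_BUF], uri[LINE_BUF];
    fake_sock s = { req, strlen(req), 0 };
    if (read_request_uri(&s, buf, sizeof buf, uri, sizeof uri) < 0)
        return 0;
    return strcmp(uri, expected) == 0;
}

int main(void) {
    printf("unsafe: terminator would be written at buf[%zu] of %d\n",
           demo_unsafe_index(), LINE_BUF);
    printf("safe, short URI: len=%d\n", demo_safe_uri_len("GET /index.html HTTP/1.1\r\n"));
    printf("safe, long URI:  len=%d (rejected)\n", demo_safe_uri_len(REQ_LONG));
    return 0;
}
```

A real server loops on recv() until it sees CRLF or runs out of buffer; the rejection branch is where it should answer 414 rather than keep reading. Reading one byte fewer than the buffer size is the whole fix for the overrun; the CRLF check is what turns silent truncation into an explicit error.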
#ExploitObserverAlert
CVE-2023-47883
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-47883. The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity.
#ExploitObserverAlert
CVE-2009-1026
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2009-1026. Multiple SQL injection vulnerabilities in login.php in Kim Websites 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
FIRST-EPSS: 0.000770000
NVD-IS: 6.4
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2022-44617
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2022-44617. A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.
FIRST-EPSS: 0.000630000
NVD-IS: 3.6
NVD-ES: 3.9
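The libXpm entry above describes the trigger (width 0 together with a very large height) and the effect (parser functions called repeatedly, an effectively infinite loop) but not why the geometry matters. The following toy XPM-style parser is an added illustration, not libXpm's code: it shows a per-row loop that spins when a row consumes no input, next to the two guards that stop it (dimension sanity checks up front, and a no-progress check in the loop). The header layout follows XPM's "<width> <height> <ncolors> <cpp>" values line; MAX_PIXELS and the sample inputs are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not libXpm's code. MAX_PIXELS is an assumed policy limit. */
#define MAX_PIXELS (64ull * 1024 * 1024)

typedef struct { unsigned width, height, ncolors, cpp; } pixmap_hdr;

/* Parse the values line. Returns 0 on success, -1 if malformed. Does no
 * sanity checking on purpose, so the two parsers below differ only in how
 * they guard. */
int parse_values_line(const char *line, pixmap_hdr *h) {
    if (sscanf(line, "%u %u %u %u", &h->width, &h->height, &h->ncolors, &h->cpp) != 4)
        return -1;
    return 0;
}

/* Guard 1: reject degenerate or oversized geometry before any per-row work. */
int dims_are_sane(const pixmap_hdr *h) {
    if (h->width == 0 || h->height == 0 || h->cpp == 0)
        return 0;
    if ((uint64_t)h->width * h->height > MAX_PIXELS)
        return 0;
    return 1;
}

/* Consume one row of width*cpp pixel characters at *cursor. Returns bytes
 * consumed, or (size_t)-1 when the data is truncated. */
static size_t read_row(const char **cursor, const char *end, const pixmap_hdr *h) {
    size_t need = (size_t)h->width * h->cpp;
    if ((size_t)(end - *cursor) < need)
        return (size_t)-1;
    *cursor += need;
    return need;
}

/* Vulnerable shape: iterate height times with no progress check. With
 * width == 0 every read_row() succeeds while consuming nothing, so a height
 * near UINT_MAX spins for billions of iterations on empty input. max_iter
 * caps the loop so this example terminates; returns iterations performed. */
uint64_t naive_parse_pixels(const pixmap_hdr *h, const char *pix, size_t len,
                            uint64_t max_iter) {
    const char *cur = pix, *end = pix + len;
    uint64_t it = 0;
    for (unsigned y = 0; y < h->height && it < max_iter; y++, it++) {
        if (read_row(&cur, end, h) == (size_t)-1)
            break;
    }
    return it;
}

/* Hardened shape: guard 1 up front, plus guard 2: abort when a row consumes
 * no input, so any other zero-size case cannot loop either. Returns rows
 * parsed, or -1 on rejection or truncation. */
long checked_parse_pixels(const pixmap_hdr *h, const char *pix, size_t len) {
    if (!dims_are_sane(h))
        return -1;
    const char *cur = pix, *end = pix + len;
    for (unsigned y = 0; y < h->height; y++) {
        size_t got = read_row(&cur, end, h);
        if (got == (size_t)-1 || got == 0)
            return -1;
    }
    return (long)h->height;
}

/* Wrappers taking a values line and a pixel section as strings (constructed
 * by the caller); used by main() and the tests. */
uint64_t naive_iterations(const char *values, const char *pix, uint64_t max_iter) {
    pixmap_hdr h;
    if (parse_values_line(values, &h) != 0)
        return 0;
    return naive_parse_pixels(&h, pix, strlen(pix), max_iter);
}

long checked_rows(const char *values, const char *pix) {
    pixmap_hdr h;
    if (parse_values_line(values, &h) != 0)
        return -1;
    return checked_parse_pixels(&h, pix, strlen(pix));
}

int main(void) {
    /* Constructed inputs: a sane 4x4 image, and the width-0/huge-height case. */
    printf("4x4 image: rows parsed = %ld\n", checked_rows("4 4 1 1", "................"));
    printf("0 x 4294967295: naive iterations (capped at 1e6) = %llu, checked = %ld\n",
           (unsigned long long)naive_iterations("0 4294967295 1 1", "", 1000000),
           checked_rows("0 4294967295 1 1", ""));
    return 0;
}
```

The dimension check alone would have stopped this particular input; the no-progress check is the general form, and costs one comparison per row. Note that the pixel budget is checked in 64-bit arithmetic so that width * height cannot wrap around on a 32-bit product.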
#ExploitObserverAlert
CVE-2023-50071
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-50071. Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name.
#ExploitObserverAlert
CVE-2018-11409
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2018-11409. Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.
FIRST-EPSS: 0.895570000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
PD/http/cves/2023/CVE-2023-41109
DESCRIPTION: Exploit Observer has 1 entry related to PD/http/cves/2023/CVE-2023-41109. The SmartNode SN200 Analog Telephone Adapter (ATA)
#ExploitObserverAlert
CVE-2023-7111
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-7111. A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. Affected is an unknown function of the file index.php. The manipulation of the argument category leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249006 is the identifier assigned to this vulnerability.
#ExploitObserverAlert
CVE-2023-7128
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-7128. A vulnerability, which was classified as critical, has been found in code-projects Voting System 1.0. This issue affects some unknown processing of the file /admin/ of the component Admin Login. The manipulation of the argument username leads to SQL injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249131.
#ExploitObserverAlert
CVE-2023-7126
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-7126. A vulnerability classified as critical has been found in code-projects Automated Voting System 1.0. This affects an unknown part of the file /admin/ of the component Admin Login. The manipulation of the argument username leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249129 was assigned to this vulnerability.
#ExploitObserverAlert
CVE-2023-43955
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-43955. The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files, and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData.
#ExploitObserverAlert
CVE-2023-50070
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-50070. Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject.
#ExploitObserverAlert
CVE-2023-51467
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-51467. The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF).
#ExploitObserverAlert
CVE-2023-7137
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-7137. A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the component HTTP POST Request Handler. The manipulation of the argument uemail leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249140.