#ExploitObserverAlert
CVE-2022-44617
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2022-44617. A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.
FIRST-EPSS: 0.000630000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-50071
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-50071. Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name.
#ExploitObserverAlert
CVE-2018-11409
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2018-11409. Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.
FIRST-EPSS: 0.895570000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
PD/http/cves/2023/CVE-2023-41109
DESCRIPTION: Exploit Observer has 1 entry related to PD/http/cves/2023/CVE-2023-41109. The SmartNode SN200 Analog Telephone Adapter (ATA)
#ExploitObserverAlert
CVE-2023-7111
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-7111. A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. Affected is an unknown function of the file index.php. The manipulation of the argument category leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249006 is the identifier assigned to this vulnerability.
#ExploitObserverAlert
CVE-2023-7128
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-7128. A vulnerability, which was classified as critical, has been found in code-projects Voting System 1.0. This issue affects some unknown processing of the file /admin/ of the component Admin Login. The manipulation of the argument username leads to SQL injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249131.
#ExploitObserverAlert
CVE-2023-7126
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-7126. A vulnerability classified as critical has been found in code-projects Automated Voting System 1.0. This affects an unknown part of the file /admin/ of the component Admin Login. The manipulation of the argument username leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249129 was assigned to this vulnerability.
#ExploitObserverAlert
CVE-2023-43955
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-43955. The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files, and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData.
#ExploitObserverAlert
CVE-2023-50070
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-50070. Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject.
#ExploitObserverAlert
CVE-2023-51467
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-51467. The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF)
#ExploitObserverAlert
CVE-2023-7137
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-7137. A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the component HTTP POST Request Handler. The manipulation of the argument uemail leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249140.
#ExploitObserverAlert
CVE-2023-7091
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-7091. A vulnerability was found in Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /upload/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-248938 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
CVE-2023-46919
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-46919. Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K encryption key. The threat is from a man-in-the-middle attacker who can intercept and potentially modify data during transmission.
#ExploitObserverAlert
CVE-2023-7127
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-7127. A vulnerability classified as critical was found in code-projects Automated Voting System 1.0. This vulnerability affects unknown code of the component Login. The manipulation of the argument idno leads to SQL injection. The exploit has been disclosed to the public and may be used. VDB-249130 is the identifier assigned to this vulnerability.
#ExploitObserverAlert
PD/network/misconfig/erlang-daemon
DESCRIPTION: Exploit Observer has 1 entry related to PD/network/misconfig/erlang-daemon. The Erlang port mapper daemon is used to coordinate distributed Erlang instances. Its job is to keep track of which node name listens on which address. Hence, epmd maps symbolic node names to machine addresses.
#ExploitObserverAlert
CVE-2023-7129
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-7129. A vulnerability, which was classified as critical, was found in code-projects Voting System 1.0. Affected is an unknown function of the component Voters Login. The manipulation of the argument voter leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249132.
#ExploitObserverAlert
CVE-2023-7138
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-7138. A vulnerability, which was classified as critical, was found in code-projects Client Details System 1.0. This affects an unknown part of the file /admin of the component HTTP POST Request Handler. The manipulation of the argument username leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249141 was assigned to this vulnerability.
#ExploitObserverAlert
CVE-2022-44589
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2022-44589. Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login. This issue affects miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login: from n/a through 5.6.1.
#ExploitObserverAlert
CVE-2023-47840
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-47840. Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons. This issue affects Qode Essential Addons: from n/a through 1.5.2.
#ExploitObserverAlert
CVE-2023-7142
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-7142. A vulnerability was found in code-projects Client Details System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/clientview.php. The manipulation of the argument ID leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249145 was assigned to this vulnerability.
#ExploitObserverAlert
CVE-2023-7131
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-7131. A vulnerability was found in code-projects Intern Membership Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user_registration/ of the component User Registration. The manipulation of the argument userName leads to SQL injection. The exploit has been disclosed to the public and may be used. VDB-249134 is the identifier assigned to this vulnerability.