#ExploitObserverAlert
CVE-2023-3167
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-3167. The Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000520000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-22949
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-22949. An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is logging of user credentials. All authenticated GSQL access requests are logged by TigerGraph in multiple places. Each request includes both the username and password of the user in an easily decodable base64 form. That could allow a TigerGraph administrator to effectively harvest usernames/passwords.
FIRST-EPSS: 0.000490000
NVD-IS: 3.6
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2023-45672
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-45672. Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at `/config` or through a direct call to `/api/config/save`. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could be exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. Input is initially accepted through `http.py`. The user-provided input is then parsed and loaded by `load_config_with_no_duplicates`. However, `load_config_with_no_duplicates` does not sanitize this input by merit of using `yaml.loader.Loader` which can instantiate custom constructors. A provided payload will be executed directly at `frigate/util/builtin.py:110`. This issue may lead to pre-authenticated Remote Code Execution. Version 0.13.0 Beta 3 contains a patch.
FIRST-EPSS: 0.018070000
NVD-IS: 5.9
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2023-2047
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-2047. A vulnerability was found in Campcodes Advanced Online Voting System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument voter leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225932.
FIRST-EPSS: 0.000640000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-41180
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-41180. Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C++ versions 0.13 to 0.14 allows an intermediary to present a forged certificate during TLS handshake negotiation. The Disable Peer Verification property of InvokeHTTP was effectively flipped, disabling verification by default, when using HTTPS. Mitigation: Set the Disable Peer Verification property of InvokeHTTP to true when using MiNiFi C++ versions 0.13.0 or 0.14.0. Upgrading to MiNiFi C++ 0.15.0 corrects the default behavior.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2023-48365
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-48365. Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP requests on the backend server that hosts the repository application. The fixed versions are August 2023 Patch 2, May 2023 Patch 6, February 2023 Patch 10, November 2022 Patch 12, August 2022 Patch 14, May 2022 Patch 16, February 2022 Patch 15, and November 2021 Patch 17. NOTE: this issue exists because of an incomplete fix for CVE-2023-41265.
FIRST-EPSS: 0.000820000
NVD-IS: 6.0
NVD-ES: 3.1
#ExploitObserverAlert
CVE-2023-48765
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-48765. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Till Krüss Email Address Encoder allows Stored XSS. This issue affects Email Address Encoder: from n/a through 1.0.22.
FIRST-EPSS: 0.000430000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2023-6381
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-6381. Improper input validation vulnerability in Newsletter Software SuperMailer affecting version 11.20.0.2204. An attacker could exploit this vulnerability by sending a malicious configuration file (file with SMB extension) to a user via a link or email attachment and persuade the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to crash the application when attempting to load the malicious file.
FIRST-EPSS: 0.000430000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-39807
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-39807. N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a SQL injection vulnerability via the a_passwd parameter at /portal/user-register.php.
FIRST-EPSS: 0.000760000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-21809
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-21809. Microsoft Defender for Endpoint Security Feature Bypass Vulnerability
FIRST-EPSS: 0.000530000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
GHSA-q264-w97q-q778
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-Q264-W97Q-Q778. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic.
GHSS: 5.9
#ExploitObserverAlert
CVE-2023-3699
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-3699. An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) that allows unprivileged local users to modify the storage devices configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-30431
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-30431. IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow the buffer and execute arbitrary code. IBM X-Force ID: 252184.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-33142
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-33142. Microsoft SharePoint Server Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000500000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-46371
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-46371. TP-Link device TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function upgradeInfoJsonToBin.
FIRST-EPSS: 0.000460000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-28360
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-28360. An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171: when a user was saving a file, no download safety check dialog was presented to the user.
FIRST-EPSS: 0.000450000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-31448
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-31448. A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside the designated custom sensors folder. The severity of this vulnerability is medium and received a score of 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
FIRST-EPSS: 0.000460000
NVD-IS: 3.4
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2023-39650
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-39650. Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single.
FIRST-EPSS: 0.000760000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-20244
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-20244. A vulnerability in the internal packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain packets when they are sent to the inspection engine. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to deplete all 9,472 byte blocks on the device, resulting in traffic loss across the device or an unexpected reload of the device. If the device does not reload on its own, a manual reload of the device would be required to recover from this state.
FIRST-EPSS: 0.000630000
NVD-IS: 4.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-48791
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-48791. An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field.
FIRST-EPSS: 0.001100000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-3680
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-3680. A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_item of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-234225 was assigned to this vulnerability.
FIRST-EPSS: 0.000760000
NVD-IS: 5.9
NVD-ES: 3.9