#ExploitObserverAlert
CVE-2023-28651
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-28651. Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is accessing the affected product with an administrative privilege.
FIRST-EPSS: 0.000530000
NVD-IS: 2.7
NVD-ES: 1.7
CVE-2023-28651
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-28651. Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is accessing the affected product with an administrative privilege.
FIRST-EPSS: 0.000530000
NVD-IS: 2.7
NVD-ES: 1.7
#ExploitObserverAlert
CVE-2023-46408
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-46408. TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 41DD80 function.
FIRST-EPSS: 0.001920000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-46408
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-46408. TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 41DD80 function.
FIRST-EPSS: 0.001920000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-33790
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-33790. A stored cross-site scripting (XSS) vulnerability in the Create Locations (/dcim/locations/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
CVE-2023-33790
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-33790. A stored cross-site scripting (XSS) vulnerability in the Create Locations (/dcim/locations/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2023-3235
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-3235. A vulnerability was found in mccms up to 2.6.5. It has been rated as critical. Affected by this issue is the function pic_api of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231506 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000540000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-3235
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-3235. A vulnerability was found in mccms up to 2.6.5. It has been rated as critical. Affected by this issue is the function pic_api of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231506 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000540000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-5908
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-5908. KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.
FIRST-EPSS: 0.000690000
NVD-IS: 5.2
NVD-ES: 3.9
CVE-2023-5908
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-5908. KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.
FIRST-EPSS: 0.000690000
NVD-IS: 5.2
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-30440
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-30440. IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control a partition that has been assigned SRIOV virtual function (VF) to cause a denial of service to a peer partition or arbitrary data corruption. IBM X-Force ID: 253175.
FIRST-EPSS: 0.000420000
NVD-IS: 4.7
NVD-ES: 2.5
CVE-2023-30440
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-30440. IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control a partition that has been assigned SRIOV virtual function (VF) to cause a denial of service to a peer partition or arbitrary data corruption. IBM X-Force ID: 253175.
FIRST-EPSS: 0.000420000
NVD-IS: 4.7
NVD-ES: 2.5
#ExploitObserverAlert
CVE-2023-22858
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-22858. An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpublished blogs.
FIRST-EPSS: 0.000460000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2023-22858
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-22858. An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpublished blogs.
FIRST-EPSS: 0.000460000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-2ccf-ffrj-m4qw
DESCRIPTION: Exploit Observer has 5 entries related to GHSA-2CCF-FFRJ-M4QW. The CSRF protection enforced by the @fastify/csrf-protection library, when combined with @fastify/passport, can be bypassed by network and same-site attackers.
GHSS: 6.5
GHSA-2ccf-ffrj-m4qw
DESCRIPTION: Exploit Observer has 5 entries related to GHSA-2CCF-FFRJ-M4QW. The CSRF protection enforced by the @fastify/csrf-protection library, when combined with @fastify/passport, can be bypassed by network and same-site attackers.
GHSS: 6.5
#ExploitObserverAlert
CVE-2023-20843
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-20843. In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340119; Issue ID: ALPS07340119.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 0.6
CVE-2023-20843
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-20843. In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340119; Issue ID: ALPS07340119.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 0.6
#ExploitObserverAlert
CVE-2023-31099
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-31099. Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers.
FIRST-EPSS: 0.001760000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-31099
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-31099. Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers.
FIRST-EPSS: 0.001760000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-5499
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-5499. Information exposure vulnerability in Shenzhen Reachfar v28, the exploitation of which could allow a remote attacker to retrieve all the week's logs stored in the 'log2' directory. An attacker could retrieve sensitive information such as remembered wifi networks, sent messages, SOS device locations and device configurations.
FIRST-EPSS: 0.001030000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-5499
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-5499. Information exposure vulnerability in Shenzhen Reachfar v28, the exploitation of which could allow a remote attacker to retrieve all the week's logs stored in the 'log2' directory. An attacker could retrieve sensitive information such as remembered wifi networks, sent messages, SOS device locations and device configurations.
FIRST-EPSS: 0.001030000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-4463
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-4463. A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256.
FIRST-EPSS: 0.000450000
CVE-2023-4463
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-4463. A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2023-38932
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-38932. Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter in the SafeEmailFilter function.
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-38932
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-38932. Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter in the SafeEmailFilter function.
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-34007
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-34007. Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.3.
FIRST-EPSS: 0.000500000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-34007
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-34007. Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.3.
FIRST-EPSS: 0.000500000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-22010
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-22010. Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4.3.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Essbase accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).
FIRST-EPSS: 0.000450000
NVD-IS: 1.4
NVD-ES: 0.7
CVE-2023-22010
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-22010. Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4.3.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Essbase accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).
FIRST-EPSS: 0.000450000
NVD-IS: 1.4
NVD-ES: 0.7
#ExploitObserverAlert
CVE-2023-46084
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-46084. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection.This issue affects Icons Font Loader: from n/a through 1.1.2.
FIRST-EPSS: 0.000500000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-46084
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-46084. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection.This issue affects Icons Font Loader: from n/a through 1.1.2.
FIRST-EPSS: 0.000500000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-50639
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-50639. Cross Site Scripting (XSS) vulnerability in CuteHttpFileServer v.1.0 and v.2.0 allows attackers to obtain sensitive information via the file upload function in the home page.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
CVE-2023-50639
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-50639. Cross Site Scripting (XSS) vulnerability in CuteHttpFileServer v.1.0 and v.2.0 allows attackers to obtain sensitive information via the file upload function in the home page.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2023-3562
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-3562. A vulnerability has been found in GZ Scripts PHP CRM Platform 1.8 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-233356. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.000460000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2023-3562
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-3562. A vulnerability has been found in GZ Scripts PHP CRM Platform 1.8 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-233356. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.000460000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
GHSA-6mjp-2rm6-9g85
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-6MJP-2RM6-9G85. The CKEditor.HTMLConverter document lacked a protection against Cross-Site Request Forgery (CSRF), allowing to execute macros with the rights of the current user. If a privileged user with programming rights was tricked into executing a GET request to this document with certain parameters (e.g., via an image with a corresponding URL embedded in a comment or via a redirect), this would allow arbitrary remote code execution and the attacker could gain rights, access private information or impact the availability of the wiki.
GHSS: 9.0
GHSA-6mjp-2rm6-9g85
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-6MJP-2RM6-9G85. The CKEditor.HTMLConverter document lacked a protection against Cross-Site Request Forgery (CSRF), allowing to execute macros with the rights of the current user. If a privileged user with programming rights was tricked into executing a GET request to this document with certain parameters (e.g., via an image with a corresponding URL embedded in a comment or via a redirect), this would allow arbitrary remote code execution and the attacker could gain rights, access private information or impact the availability of the wiki.
GHSS: 9.0
#ExploitObserverAlert
CVE-2023-45198
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-45198. ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable.
FIRST-EPSS: 0.000870000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-45198
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-45198. ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable.
FIRST-EPSS: 0.000870000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-36920
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-36920. In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated attacker to attempt clickjacking, which could result in disclosure or modification of information.
FIRST-EPSS: 0.000520000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2023-36920
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-36920. In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated attacker to attempt clickjacking, which could result in disclosure or modification of information.
FIRST-EPSS: 0.000520000
NVD-IS: 2.7
NVD-ES: 2.8