#ExploitObserverAlert
CVE-2023-20843
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-20843. In imgsys_cmdq, there is a possible out of bounds read due to missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340119; Issue ID: ALPS07340119.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 0.6
#ExploitObserverAlert
CVE-2023-31099
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-31099. Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers.
FIRST-EPSS: 0.001760000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-5499
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-5499. Information exposure vulnerability in Shenzhen Reachfar v28, the exploitation of which could allow a remote attacker to retrieve all the week's logs stored in the 'log2' directory. An attacker could retrieve sensitive information such as remembered wifi networks, sent messages, SOS device locations and device configurations.
FIRST-EPSS: 0.001030000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-4463
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-4463. A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2023-38932
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-38932. Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter in the SafeEmailFilter function.
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-34007
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-34007. Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.8.3.
FIRST-EPSS: 0.000500000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-22010
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-22010. Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4.3.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Essbase accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).
FIRST-EPSS: 0.000450000
NVD-IS: 1.4
NVD-ES: 0.7
#ExploitObserverAlert
CVE-2023-46084
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-46084. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection. This issue affects Icons Font Loader: from n/a through 1.1.2.
FIRST-EPSS: 0.000500000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-50639
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-50639. Cross Site Scripting (XSS) vulnerability in CuteHttpFileServer v.1.0 and v.2.0 allows attackers to obtain sensitive information via the file upload function in the home page.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2023-3562
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-3562. A vulnerability has been found in GZ Scripts PHP CRM Platform 1.8 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-233356. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.000460000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
GHSA-6mjp-2rm6-9g85
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-6mjp-2rm6-9g85. The CKEditor.HTMLConverter document lacked protection against Cross-Site Request Forgery (CSRF), allowing macros to be executed with the rights of the current user. If a privileged user with programming rights was tricked into executing a GET request to this document with certain parameters (e.g., via an image with a corresponding URL embedded in a comment or via a redirect), this would allow arbitrary remote code execution and the attacker could gain rights, access private information or impact the availability of the wiki.
GHSS: 9.0
#ExploitObserverAlert
CVE-2023-45198
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-45198. ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable.
FIRST-EPSS: 0.000870000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-36920
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-36920. In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated attacker to attempt clickjacking, which could result in disclosure or modification of information.
FIRST-EPSS: 0.000520000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-37306
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-37306. MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.
FIRST-EPSS: 0.000590000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-3078
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-3078. An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-39439
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-39439. SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.
FIRST-EPSS: 0.000910000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-22503
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-22503. Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team. The affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0.
FIRST-EPSS: 0.000690000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-21312
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-21312. In IntentResolver, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-49860
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-49860. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS. This issue affects WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts: from n/a through 2.6.7.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2023-52181
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-52181. Deserialization of Untrusted Data vulnerability in Presslabs Theme per user. This issue affects Theme per user: from n/a through 1.0.1.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2023-42363
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-42363. A use-after-free vulnerability was discovered in the xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 1.8