#ExploitObserverAlert
CVE-2023-46084
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-46084. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection.This issue affects Icons Font Loader: from n/a through 1.1.2.
FIRST-EPSS: 0.000500000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-46084
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-46084. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection.This issue affects Icons Font Loader: from n/a through 1.1.2.
FIRST-EPSS: 0.000500000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-50639
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-50639. Cross Site Scripting (XSS) vulnerability in CuteHttpFileServer v.1.0 and v.2.0 allows attackers to obtain sensitive information via the file upload function in the home page.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
CVE-2023-50639
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-50639. Cross Site Scripting (XSS) vulnerability in CuteHttpFileServer v.1.0 and v.2.0 allows attackers to obtain sensitive information via the file upload function in the home page.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2023-3562
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-3562. A vulnerability has been found in GZ Scripts PHP CRM Platform 1.8 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-233356. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.000460000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2023-3562
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-3562. A vulnerability has been found in GZ Scripts PHP CRM Platform 1.8 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-233356. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.000460000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
GHSA-6mjp-2rm6-9g85
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-6MJP-2RM6-9G85. The CKEditor.HTMLConverter document lacked a protection against Cross-Site Request Forgery (CSRF), allowing to execute macros with the rights of the current user. If a privileged user with programming rights was tricked into executing a GET request to this document with certain parameters (e.g., via an image with a corresponding URL embedded in a comment or via a redirect), this would allow arbitrary remote code execution and the attacker could gain rights, access private information or impact the availability of the wiki.
GHSS: 9.0
GHSA-6mjp-2rm6-9g85
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-6MJP-2RM6-9G85. The CKEditor.HTMLConverter document lacked a protection against Cross-Site Request Forgery (CSRF), allowing to execute macros with the rights of the current user. If a privileged user with programming rights was tricked into executing a GET request to this document with certain parameters (e.g., via an image with a corresponding URL embedded in a comment or via a redirect), this would allow arbitrary remote code execution and the attacker could gain rights, access private information or impact the availability of the wiki.
GHSS: 9.0
#ExploitObserverAlert
CVE-2023-45198
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-45198. ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable.
FIRST-EPSS: 0.000870000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-45198
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-45198. ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable.
FIRST-EPSS: 0.000870000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-36920
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-36920. In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated attacker to attempt clickjacking, which could result in disclosure or modification of information.
FIRST-EPSS: 0.000520000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2023-36920
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-36920. In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated attacker to attempt clickjacking, which could result in disclosure or modification of information.
FIRST-EPSS: 0.000520000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-37306
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-37306. MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.
FIRST-EPSS: 0.000590000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-37306
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-37306. MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.
FIRST-EPSS: 0.000590000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-3078
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-3078. An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-3078
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-3078. An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-39439
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-39439. SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.
FIRST-EPSS: 0.000910000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-39439
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-39439. SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.
FIRST-EPSS: 0.000910000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-22503
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-22503. Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team. The affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0.
FIRST-EPSS: 0.000690000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2023-22503
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-22503. Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team. The affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0.
FIRST-EPSS: 0.000690000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-21312
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-21312. In IntentResolver, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2023-21312
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-21312. In IntentResolver, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-49860
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-49860. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts: from n/a through 2.6.7.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
CVE-2023-49860
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-49860. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts: from n/a through 2.6.7.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2023-52181
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-52181. Deserialization of Untrusted Data vulnerability in Presslabs Theme per user.This issue affects Theme per user: from n/a through 1.0.1.
FIRST-EPSS: 0.000450000
CVE-2023-52181
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-52181. Deserialization of Untrusted Data vulnerability in Presslabs Theme per user.This issue affects Theme per user: from n/a through 1.0.1.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2023-42363
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-42363. A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2023-42363
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-42363. A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-49068
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-49068. Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the mean time, we recommend you make sure the logs are only available to trusted operators.
FIRST-EPSS: 0.000560000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-49068
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-49068. Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the mean time, we recommend you make sure the logs are only available to trusted operators.
FIRST-EPSS: 0.000560000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-22121
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-22121. Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data as well as unauthorized read access to a subset of Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).
FIRST-EPSS: 0.000520000
NVD-IS: 2.5
NVD-ES: 2.8
CVE-2023-22121
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-22121. Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data as well as unauthorized read access to a subset of Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).
FIRST-EPSS: 0.000520000
NVD-IS: 2.5
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-21797
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-21797. Microsoft ODBC Driver Remote Code Execution Vulnerability
FIRST-EPSS: 0.063150000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-21797
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-21797. Microsoft ODBC Driver Remote Code Execution Vulnerability
FIRST-EPSS: 0.063150000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-38250
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-38250. Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.
FIRST-EPSS: 0.000790000
NVD-IS: 5.9
NVD-ES: 0.7
CVE-2023-38250
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-38250. Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.
FIRST-EPSS: 0.000790000
NVD-IS: 5.9
NVD-ES: 0.7
#ExploitObserverAlert
CVE-2023-31169
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-31169. An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
FIRST-EPSS: 0.000460000
NVD-IS: 3.6
NVD-ES: 2.1
CVE-2023-31169
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-31169. An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
FIRST-EPSS: 0.000460000
NVD-IS: 3.6
NVD-ES: 2.1
#ExploitObserverAlert
CVE-2023-1301
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-1301. A vulnerability, which was classified as critical, has been found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Affected by this issue is some unknown functionality of the file deleteorder.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222662 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-1301
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-1301. A vulnerability, which was classified as critical, has been found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Affected by this issue is some unknown functionality of the file deleteorder.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222662 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-4606
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4606. An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
FIRST-EPSS: 0.000460000
NVD-IS: 5.2
NVD-ES: 2.8
CVE-2023-4606
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4606. An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
FIRST-EPSS: 0.000460000
NVD-IS: 5.2
NVD-ES: 2.8