#ExploitObserverAlert
CVE-2023-21797
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-21797. Microsoft ODBC Driver Remote Code Execution Vulnerability
FIRST-EPSS: 0.063150000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-21797
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-21797. Microsoft ODBC Driver Remote Code Execution Vulnerability
FIRST-EPSS: 0.063150000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-38250
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-38250. Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.
FIRST-EPSS: 0.000790000
NVD-IS: 5.9
NVD-ES: 0.7
CVE-2023-38250
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-38250. Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.
FIRST-EPSS: 0.000790000
NVD-IS: 5.9
NVD-ES: 0.7
#ExploitObserverAlert
CVE-2023-31169
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-31169. An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
FIRST-EPSS: 0.000460000
NVD-IS: 3.6
NVD-ES: 2.1
CVE-2023-31169
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-31169. An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
FIRST-EPSS: 0.000460000
NVD-IS: 3.6
NVD-ES: 2.1
#ExploitObserverAlert
CVE-2023-1301
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-1301. A vulnerability, which was classified as critical, has been found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Affected by this issue is some unknown functionality of the file deleteorder.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222662 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-1301
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-1301. A vulnerability, which was classified as critical, has been found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Affected by this issue is some unknown functionality of the file deleteorder.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222662 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-4606
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4606. An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
FIRST-EPSS: 0.000460000
NVD-IS: 5.2
NVD-ES: 2.8
CVE-2023-4606
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4606. An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
FIRST-EPSS: 0.000460000
NVD-IS: 5.2
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-22425
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-22425. Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.
FIRST-EPSS: 0.000920000
NVD-IS: 2.7
NVD-ES: 2.3
CVE-2023-22425
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-22425. Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.
FIRST-EPSS: 0.000920000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2023-27133
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-27133. TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remote Access product, not the TSplus Remote Work product.
FIRST-EPSS: 0.001300000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-27133
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-27133. TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remote Access product, not the TSplus Remote Work product.
FIRST-EPSS: 0.001300000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-50765
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-50765. A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID.
FIRST-EPSS: 0.000440000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2023-50765
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-50765. A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID.
FIRST-EPSS: 0.000440000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-26465
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-26465. Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue.
FIRST-EPSS: 0.000460000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2023-26465
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-26465. Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue.
FIRST-EPSS: 0.000460000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-32448
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-32448. PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key Stored in Cleartext vulnerability. A local user with access to the installation directory can retrieve the license key of the product and use it to install and license PowerPath on different systems.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2023-32448
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-32448. PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key Stored in Cleartext vulnerability. A local user with access to the installation directory can retrieve the license key of the product and use it to install and license PowerPath on different systems.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-37601
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-37601. Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts.
FIRST-EPSS: 0.000880000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-37601
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-37601. Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts.
FIRST-EPSS: 0.000880000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-5574
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-5574. A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.
FIRST-EPSS: 0.000450000
NVD-IS: 5.9
NVD-ES: 1.0
CVE-2023-5574
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-5574. A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.
FIRST-EPSS: 0.000450000
NVD-IS: 5.9
NVD-ES: 1.0
#ExploitObserverAlert
CVE-2023-3213
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-3213. The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_print_page function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information.
FIRST-EPSS: 0.000520000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2023-3213
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-3213. The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_print_page function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information.
FIRST-EPSS: 0.000520000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-31729
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-31729. TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection.
FIRST-EPSS: 0.018000000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-31729
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-31729. TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection.
FIRST-EPSS: 0.018000000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-2426
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-2426. Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2023-2426
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-2426. Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-1109
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-1109. In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service.
FIRST-EPSS: 0.000490000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-1109
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-1109. In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service.
FIRST-EPSS: 0.000490000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-2366
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-2366. A vulnerability was found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajax.php?action=delete_class. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227642 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-2366
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-2366. A vulnerability was found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajax.php?action=delete_class. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227642 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-28744
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-28744. A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.1.15289. A specially crafted PDF document can trigger the reuse of previously freed memory by manipulating form fields of a specific type. This can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
FIRST-EPSS: 0.002380000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-28744
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-28744. A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.1.15289. A specially crafted PDF document can trigger the reuse of previously freed memory by manipulating form fields of a specific type. This can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
FIRST-EPSS: 0.002380000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-39695
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-39695. Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out.
FIRST-EPSS: 0.000460000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2023-39695
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-39695. Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out.
FIRST-EPSS: 0.000460000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-50564
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-50564. An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file.
FIRST-EPSS: 0.000550000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-50564
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-50564. An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file.
FIRST-EPSS: 0.000550000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-42704
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-42704. In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2023-42704
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-42704. In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8