#ExploitObserverAlert
CVE-2023-50752
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-50752. Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-6270
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-6270. A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution.
#ExploitObserverAlert
CVE-2019-0344
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2019-0344. Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.
FIRST-EPSS: 0.002870000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-45465
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2021-45465. A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in a write-what-where condition and an attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15696)
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2018-12532
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2018-12532. JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309.
FIRST-EPSS: 0.023020000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-10654
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2018-10654. There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
FIRST-EPSS: 0.001670000
NVD-IS: 5.9
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2023-49666
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-49666. Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmer_details' parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database.
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-1295
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2018-1295. In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when third-party vulnerable classes are present in the Ignite classpath. The vulnerability can be exploited if one sends a specially prepared form of a serialized object to one of the deserialization endpoints of some Ignite components - discovery SPI, Ignite persistence, Memcached endpoint, socket streamer.
FIRST-EPSS: 0.019100000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-11072
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2019-11072. lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. Either triggers an explicit abort() by lighttpd. This is not exploitable beyond triggering the explicit abort() with subsequent application exit."
FIRST-EPSS: 0.905440000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-34328
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-34328.
#ExploitObserverAlert
CVE-2019-4279
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2019-4279. IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445.
FIRST-EPSS: 0.151910000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2016-1487
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2016-1487. Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization.
FIRST-EPSS: 0.004110000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2016-3415
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2016-3415. Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276.
FIRST-EPSS: 0.003340000
NVD-IS: 5.2
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-50863
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-50863. Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database.
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-9844
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2017-9844. SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804.
FIRST-EPSS: 0.010180000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-46835
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-46835. The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels. However, dom_io, being a PV domain, gets the AMD-Vi IOMMU page table levels based on the maximum (hot pluggable) RAM address, and hence on systems with no RAM above the 512GB mark only 3 page-table levels are configured in the IOMMU. On systems without RAM above the 512GB boundary amd_iommu_quarantine_init() will set up page tables for the scratch page with 4 levels, while the IOMMU will be configured to use 3 levels only, resulting in the last page table directory (PDE) effectively becoming a page table entry (PTE), and hence a device in quarantine mode gaining write access to the page destined to be a PDE. Due to this page table level mismatch, the sink page the device gets read/write access to is no longer cleared between device assignment, possibly leading to data leaks.
#ExploitObserverAlert
CVE-2015-6555
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2015-6555. Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port.
FIRST-EPSS: 0.003130000
NVD-IS: 10.0
NVD-ES: 6.8
#ExploitObserverAlert
CVE-2020-4449
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2020-4449. IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230.
FIRST-EPSS: 0.011230000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2015-7253
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2015-7253. The Web Console in Commvault Edge Server 10 R2 allows remote attackers to execute arbitrary OS commands via crafted serialized data in a cookie.
FIRST-EPSS: 0.004100000
NVD-IS: 10.0
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2017-11283
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2017-11283. Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.
FIRST-EPSS: 0.515630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-11247
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2018-11247. The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, which allows remote attackers to execute arbitrary code via a session on port 81.
FIRST-EPSS: 0.006980000
NVD-IS: 5.9
NVD-ES: 3.9