#ExploitObserverAlert
CVE-2018-12532
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2018-12532. JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309.
FIRST-EPSS: 0.023020000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-10654
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2018-10654. There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
FIRST-EPSS: 0.001670000
NVD-IS: 5.9
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2023-49666
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-49666. Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmer_details' parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database.
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-1295
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2018-1295. In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when vulnerable third-party classes are present in the Ignite classpath. The vulnerability can be exploited if one sends a specially prepared form of a serialized object to one of the deserialization endpoints of some Ignite components: discovery SPI, Ignite persistence, Memcached endpoint, socket streamer.
FIRST-EPSS: 0.019100000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-11072
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2019-11072. lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. Either triggers an explicit abort() by lighttpd. This is not exploitable beyond triggering the explicit abort() with subsequent application exit."
FIRST-EPSS: 0.905440000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-34328
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-34328.
#ExploitObserverAlert
CVE-2019-4279
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2019-4279. IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445.
FIRST-EPSS: 0.151910000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2016-1487
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2016-1487. Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization.
FIRST-EPSS: 0.004110000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2016-3415
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2016-3415. Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276.
FIRST-EPSS: 0.003340000
NVD-IS: 5.2
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-50863
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-50863. Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database.
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-9844
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2017-9844. SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804.
FIRST-EPSS: 0.010180000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-46835
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-46835. The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels. However, dom_io, being a PV domain, gets the AMD-Vi IOMMU page table levels based on the maximum (hot pluggable) RAM address, and hence on systems with no RAM above the 512GB mark only 3 page table levels are configured in the IOMMU. On systems without RAM above the 512GB boundary, amd_iommu_quarantine_init() will set up page tables for the scratch page with 4 levels, while the IOMMU will be configured to use 3 levels only, resulting in the last page table directory (PDE) effectively becoming a page table entry (PTE), and hence a device in quarantine mode gaining write access to the page destined to be a PDE. Due to this page table level mismatch, the sink page the device gets read/write access to is no longer cleared between device assignments, possibly leading to data leaks.
#ExploitObserverAlert
CVE-2015-6555
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2015-6555. Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port.
FIRST-EPSS: 0.003130000
NVD-IS: 10.0
NVD-ES: 6.8
#ExploitObserverAlert
CVE-2020-4449
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2020-4449. IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230.
FIRST-EPSS: 0.011230000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2015-7253
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2015-7253. The Web Console in Commvault Edge Server 10 R2 allows remote attackers to execute arbitrary OS commands via crafted serialized data in a cookie.
FIRST-EPSS: 0.004100000
NVD-IS: 10.0
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2017-11283
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2017-11283. Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.
FIRST-EPSS: 0.515630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-11247
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2018-11247. The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, which allows remote attackers to execute arbitrary code via a session on port 81.
FIRST-EPSS: 0.006980000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-16891
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2019-16891. Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload.
FIRST-EPSS: 0.012890000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-12628
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2017-12628. The JMX server embedded in Apache James, also used by the command line client, is exposed to a Java deserialization issue, and thus can be used to execute arbitrary commands. As James exposes the JMX socket by default only on localhost, this vulnerability can only be used for privilege escalation. Release 3.0.1 upgrades the incriminated library.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2020-24164
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2020-24164. A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface.
FIRST-EPSS: 0.000650000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
GHSA-3px7-jm2p-6h2c
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-3PX7-JM2P-6H2C. The length of URIs and the various parts (eg path segments, query parameters) is usually limited by the webserver processing the incoming request. In the case of Puma the defaults are :
GHSS: 7.5