#ExploitObserverAlert
GHSA-3px7-jm2p-6h2c
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-3PX7-JM2P-6H2C. The length of URIs and their various parts (e.g. path segments, query parameters) is usually limited by the webserver processing the incoming request. In the case of Puma the defaults are:
GHSS: 7.5
#ExploitObserverAlert
CVE-2023-49658
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-49658. Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bank_details' parameter of the party_submit.php resource does not validate the characters received and they are sent unfiltered to the database.
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2016-4372
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2016-4372. HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA before 7.2 E0401P01, iMC BIMS before 7.2 E0402P02, and iMC UAM_TAM before 7.2 E0405P05 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
FIRST-EPSS: 0.039390000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-31474
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2021-31474. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12213.
FIRST-EPSS: 0.733420000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2016-1998
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2016-1998. HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
FIRST-EPSS: 0.003240000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-15692
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2017-15692. In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.
FIRST-EPSS: 0.014260000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-7727
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2019-7727. In NICE Engage through 6.5, the default configuration binds an unauthenticated JMX/RMI interface to all network interfaces, without restricting registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol by using the JMX connector. The observed affected TCP port is 6338 but, based on the product's configuration, a different one could be vulnerable.
FIRST-EPSS: 0.026030000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-6944
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-6944. A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.
#ExploitObserverAlert
CVE-2016-1986
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2016-1986. HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
FIRST-EPSS: 0.002130000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2016-0788
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2016-0788. The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.
FIRST-EPSS: 0.033590000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-50867
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-50867. Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database.
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-49624
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-49624. Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cancelid' parameter of the material_bill.php resource does not validate the characters received and they are sent unfiltered to the database.
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2016-8744
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2016-8744. Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the classpath. This could provide an authenticated user with a means to cause the JVM running Brooklyn to load and run Java code without detection by Brooklyn. Such code would have the privileges of the Java process running Brooklyn, including the ability to open files and network connections, and execute system commands. There is known to be a proof-of-concept exploit using this vulnerability.
FIRST-EPSS: 0.001040000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-4576
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2020-4576. IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 184428.
FIRST-EPSS: 0.002290000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-52323
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-52323. PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.
#ExploitObserverAlert
CVE-2021-34371
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2021-34371. Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains.
FIRST-EPSS: 0.039130000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-8016
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2018-8016. The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in https://issues.apache.org/jira/browse/CASSANDRA-12109. The fix for the regression is implemented in https://issues.apache.org/jira/browse/CASSANDRA-14173. This fix is contained in the 3.11.2 release of Apache Cassandra.
FIRST-EPSS: 0.004410000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-8012
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2017-8012. In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities.
FIRST-EPSS: 0.004220000
NVD-IS: 5.2
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2023-51277
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-51277. nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds.
#ExploitObserverAlert
CVE-2016-1999
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2016-1999. The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
FIRST-EPSS: 0.004030000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-2081
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2022-2081. A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 at a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which, if exploited, eventually causes an internal stack overflow in the HCI Modbus TCP function.