#ExploitObserverAlert
CVE-2023-6944
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-6944. A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.
#ExploitObserverAlert
CVE-2016-1986
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2016-1986. HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
FIRST-EPSS: 0.002130000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2016-0788
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2016-0788. The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.
FIRST-EPSS: 0.033590000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-50867
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-50867. Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database.
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-49624
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-49624. Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cancelid' parameter of the material_bill.php resource does not validate the characters received and they are sent unfiltered to the database.
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2016-8744
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2016-8744. Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the classpath. This could provide an authenticated user with a means to cause the JVM running Brooklyn to load and run Java code without detection by Brooklyn. Such code would have the privileges of the Java process running Brooklyn, including the ability to open files and network connections, and execute system commands. There is known to be a proof-of-concept exploit using this vulnerability.
FIRST-EPSS: 0.001040000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-4576
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2020-4576. IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 184428.
FIRST-EPSS: 0.002290000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-52323
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-52323. PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.
#ExploitObserverAlert
CVE-2021-34371
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2021-34371. Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains.
FIRST-EPSS: 0.039130000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-8016
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2018-8016. The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in https://issues.apache.org/jira/browse/CASSANDRA-12109. The fix for the regression is implemented in https://issues.apache.org/jira/browse/CASSANDRA-14173. This fix is contained in the 3.11.2 release of Apache Cassandra.
FIRST-EPSS: 0.004410000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-8012
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2017-8012. In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities.
FIRST-EPSS: 0.004220000
NVD-IS: 5.2
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2023-51277
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-51277. nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds.
#ExploitObserverAlert
CVE-2016-1999
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2016-1999. The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
FIRST-EPSS: 0.004030000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-2081
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2022-2081. A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 at a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control, which, if exploited, eventually causes an internal stack overflow in the HCI Modbus TCP function.
#ExploitObserverAlert
CVE-2023-28502
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-28502. Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow in the "udadmin" service that can lead to remote code execution as the root user.
FIRST-EPSS: 0.192980000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-49665
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-49665. Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity[]' parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database.
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-52267
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-52267. ehttp 1.0.6 before 17405b9 has a simple_log.cpp _log out-of-bounds-read during error logging for long strings.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-40084
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-40084. In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2017-12557
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2017-12557. A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.
FIRST-EPSS: 0.913440000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-19052
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2018-19052. An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.
FIRST-EPSS: 0.004420000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2016-1997
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2016-1997. HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
FIRST-EPSS: 0.003240000
NVD-IS: 5.9
NVD-ES: 3.9