ARPSyndicate - Cyber & Open Source Intelligence
A Global Cyber Intelligence Company with hyperspecialization in Information Discovery, Shadow IT & Vulnerability Intelligence.

A.R.P. Syndicate [https://arpsyndicate.io/pricing.html]
#ExploitObserverAlert

CVE-2024-22086

DESCRIPTION: Exploit Observer has 2 entries related to CVE-2024-22086. handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution.
#ExploitObserverAlert

CVE-2023-51448

DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-51448. Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `managers.php`. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint `/cacti/managers.php` with an SQLi payload in the `selected_graphs_array` HTTP GET parameter. As of time of publication, no patched versions exist.

FIRST-EPSS: 0.000710000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert

CVE-2019-11365

DESCRIPTION: Exploit Observer has 8 entries related to CVE-2019-11365. An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c.

FIRST-EPSS: 0.326570000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2021-27877

DESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-27877. An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands.

FIRST-EPSS: 0.675550000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2022-39838

DESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-39838. Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames.

FIRST-EPSS: 0.003470000
NVD-IS: 4.0
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2021-25642

DESCRIPTION: Exploit Observer has 7 entries related to CVE-2021-25642. ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used.

FIRST-EPSS: 0.000950000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert

CVE-2020-15368

DESCRIPTION: Exploit Observer has 10 entries related to CVE-2020-15368. AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3.

FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert

CVE-2022-40648

DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-40648. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17563.

FIRST-EPSS: 0.000660000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert

CVE-2024-0264

DESCRIPTION: Exploit Observer has 4 entries related to CVE-2024-0264. A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /LoginRegistration.php. The manipulation of the argument formToken leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249820.
#ExploitObserverAlert

CVE-2022-1459

DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-1459. Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1.

FIRST-EPSS: 0.002080000
NVD-IS: 5.5
NVD-ES: 2.8
#ExploitObserverAlert

CVE-2022-1179

DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-1179. Non-Privilege User Can Create New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

FIRST-EPSS: 0.051470000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert

CVE-2022-1461

DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-1461. Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1.

FIRST-EPSS: 0.001890000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert

CVE-2023-43787

DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-43787. A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.

FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert

CVE-2024-22088

DESCRIPTION: Exploit Observer has 2 entries related to CVE-2024-22088. Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled.
#ExploitObserverAlert

CVE-2021-36356

DESCRIPTION: Exploit Observer has 8 entries related to CVE-2021-36356. KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124.

FIRST-EPSS: 0.930090000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2023-23934

DESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-23934. Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as `__Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.

FIRST-EPSS: 0.000460000
NVD-IS: 1.4
NVD-ES: 2.1
#ExploitObserverAlert

CVE-2022-2493

DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-2493. Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0.

FIRST-EPSS: 0.002200000
NVD-IS: 5.2
NVD-ES: 2.8
#ExploitObserverAlert

CVE-2023-5838

DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-5838. Insufficient Session Expiration in GitHub repository linkstackorg/linkstack prior to v4.2.9.

FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2017-5878

DESCRIPTION: Exploit Observer has 10 entries related to CVE-2017-5878. The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data.

FIRST-EPSS: 0.008450000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2023-45857

DESCRIPTION: Exploit Observer has 10 entries related to CVE-2023-45857. An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

FIRST-EPSS: 0.000550000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert

CVE-2020-16045

DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-16045. Use after Free in Payments in Google Chrome on Android prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

FIRST-EPSS: 0.001610000
NVD-IS: 6.0
NVD-ES: 2.8