#ExploitObserverAlert
CVE-2021-39192
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-39192. Ghost is a Node.js content management system. An error in the implementation of the limits service between versions 4.0.0 and 4.9.4 allows all authenticated users (including contributors) to view admin-level API keys via the integrations API endpoint, leading to a privilege escalation vulnerability. This issue is patched in Ghost version 4.10.0. As a workaround, disable all non-Administrator accounts to prevent API access. It is highly recommended to regenerate all API keys after patching or applying the workaround.
FIRST-EPSS: 0.000950000
NVD-IS: 5.9
NVD-ES: 1.2
CVE-2021-39192
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-39192. Ghost is a Node.js content management system. An error in the implementation of the limits service between versions 4.0.0 and 4.9.4 allows all authenticated users (including contributors) to view admin-level API keys via the integrations API endpoint, leading to a privilege escalation vulnerability. This issue is patched in Ghost version 4.10.0. As a workaround, disable all non-Administrator accounts to prevent API access. It is highly recommended to regenerate all API keys after patching or applying the workaround.
FIRST-EPSS: 0.000950000
NVD-IS: 5.9
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2021-30633
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-30633. Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
FIRST-EPSS: 0.004470000
NVD-IS: 6.0
NVD-ES: 2.8
CVE-2021-30633
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-30633. Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
FIRST-EPSS: 0.004470000
NVD-IS: 6.0
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-1177
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-1177. Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.
FIRST-EPSS: 0.002740000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2022-1177
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-1177. Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.
FIRST-EPSS: 0.002740000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-40164
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-40164. Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `nsCodingStateMachine::NextStater`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.
FIRST-EPSS: 0.000520000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2023-40164
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-40164. Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `nsCodingStateMachine::NextStater`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.
FIRST-EPSS: 0.000520000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-5044
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-5044. Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
FIRST-EPSS: 0.000610000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-5044
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-5044. Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
FIRST-EPSS: 0.000610000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-25664
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-25664. TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.
FIRST-EPSS: 0.000610000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-25664
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-25664. TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.
FIRST-EPSS: 0.000610000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-32637
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-32637. Authelia is a a single sign-on multi-factor portal for web apps. This affects uses who are using nginx ngx_http_auth_request_module with Authelia, it allows a malicious individual who crafts a malformed HTTP request to bypass the authentication mechanism. It additionally could theoretically affect other proxy servers, but all of the ones we officially support except nginx do not allow malformed URI paths. The problem is rectified entirely in v4.29.3. As this patch is relatively straightforward we can back port this to any version upon request. Alternatively we are supplying a git patch to 4.25.1 which should be relatively straightforward to apply to any version, the git patches for specific versions can be found in the references. The most relevant workaround is upgrading. You can also add a block which fails requests that contains a malformed URI in the internal location block.
FIRST-EPSS: 0.002100000
NVD-IS: 6.0
NVD-ES: 3.9
CVE-2021-32637
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-32637. Authelia is a a single sign-on multi-factor portal for web apps. This affects uses who are using nginx ngx_http_auth_request_module with Authelia, it allows a malicious individual who crafts a malformed HTTP request to bypass the authentication mechanism. It additionally could theoretically affect other proxy servers, but all of the ones we officially support except nginx do not allow malformed URI paths. The problem is rectified entirely in v4.29.3. As this patch is relatively straightforward we can back port this to any version upon request. Alternatively we are supplying a git patch to 4.25.1 which should be relatively straightforward to apply to any version, the git patches for specific versions can be found in the references. The most relevant workaround is upgrading. You can also add a block which fails requests that contains a malformed URI in the internal location block.
FIRST-EPSS: 0.002100000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-3271
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-3271. PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS.
FIRST-EPSS: 0.000630000
NVD-IS: 2.7
NVD-ES: 1.7
CVE-2021-3271
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-3271. PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS.
FIRST-EPSS: 0.000630000
NVD-IS: 2.7
NVD-ES: 1.7
#ExploitObserverAlert
CVE-2021-3481
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-3481. A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.
FIRST-EPSS: 0.000700000
NVD-IS: 5.2
NVD-ES: 1.8
CVE-2021-3481
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-3481. A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.
FIRST-EPSS: 0.000700000
NVD-IS: 5.2
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2019-7384
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2019-7384. An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below. The value of the fmgpon_loid parameter is used in a system call inside the boa binary. Because there is no user input validation, this leads to authenticated code execution on the device.
FIRST-EPSS: 0.000640000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2019-7384
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2019-7384. An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below. The value of the fmgpon_loid parameter is used in a system call inside the boa binary. Because there is no user input validation, this leads to authenticated code execution on the device.
FIRST-EPSS: 0.000640000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-7208
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-7208. A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-7208
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-7208. A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
CVE-2024-0268
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2024-0268. A vulnerability, which was classified as critical, has been found in Kashipara Hospital Management System up to 1.0. Affected by this issue is some unknown functionality of the file registration.php. The manipulation of the argument name/email/pass/gender/age/city leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249824.
CVE-2024-0268
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2024-0268. A vulnerability, which was classified as critical, has been found in Kashipara Hospital Management System up to 1.0. Affected by this issue is some unknown functionality of the file registration.php. The manipulation of the argument name/email/pass/gender/age/city leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249824.
#ExploitObserverAlert
PD/http/cves/2023/CVE-2023-44353
DESCRIPTION: Exploit Observer has 3 entries related to PD/http/cves/2023/CVE-2023-44353. Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
PD/http/cves/2023/CVE-2023-44353
DESCRIPTION: Exploit Observer has 3 entries related to PD/http/cves/2023/CVE-2023-44353. Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
#ExploitObserverAlert
CVE-2024-0295
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2024-0295. A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. This affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0295
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2024-0295. A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. This affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
CVE-2023-44353
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-44353. Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
FIRST-EPSS: 0.004560000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-44353
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-44353. Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
FIRST-EPSS: 0.004560000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-0284
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2024-0284. A vulnerability was found in Kashipara Food Management System up to 1.0. It has been rated as problematic. This issue affects some unknown processing of the file party_submit.php. The manipulation of the argument party_address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249839.
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2024-0284
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2024-0284. A vulnerability was found in Kashipara Food Management System up to 1.0. It has been rated as problematic. This issue affects some unknown processing of the file party_submit.php. The manipulation of the argument party_address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249839.
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-21817
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2023-21817. Windows Kerberos Elevation of Privilege Vulnerability
FIRST-EPSS: 0.001220000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-21817
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2023-21817. Windows Kerberos Elevation of Privilege Vulnerability
FIRST-EPSS: 0.001220000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-35395
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-35395. Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exists: one based on Go-Ahead named webs and another based on Boa named boa. Both of them are affected by these vulnerabilities. Specifically, these binaries are vulnerable to the following issues: - stack buffer overflow in formRebootCheck due to unsafe copy of submit-url parameter - stack buffer overflow in formWsc due to unsafe copy of submit-url parameter - stack buffer overflow in formWlanMultipleAP due to unsafe copy of submit-url parameter - stack buffer overflow in formWlSiteSurvey due to unsafe copy of ifname parameter - stack buffer overflow in formStaticDHCP due to unsafe copy of hostname parameter - stack buffer overflow in formWsc due to unsafe copy of 'peerPin' parameter - arbitrary command execution in formSysCmd via the sysCmd parameter - arbitrary command injection in formWsc via the 'peerPin' parameter Exploitability of identified issues will differ based on what the end vendor/manufacturer did with the Realtek SDK webserver. Some vendors use it as-is, others add their own authentication implementation, some kept all the features from the server, some remove some of them, some inserted their own set of features. However, given that Realtek SDK implementation is full of insecure calls and that developers tends to re-use those examples in their custom code, any binary based on Realtek SDK webserver will probably contains its own set of issues on top of the Realtek ones (if kept). Successful exploitation of these issues allows remote attackers to gain arbitrary code execution on the device.
FIRST-EPSS: 0.971190000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-35395
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-35395. Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exists: one based on Go-Ahead named webs and another based on Boa named boa. Both of them are affected by these vulnerabilities. Specifically, these binaries are vulnerable to the following issues: - stack buffer overflow in formRebootCheck due to unsafe copy of submit-url parameter - stack buffer overflow in formWsc due to unsafe copy of submit-url parameter - stack buffer overflow in formWlanMultipleAP due to unsafe copy of submit-url parameter - stack buffer overflow in formWlSiteSurvey due to unsafe copy of ifname parameter - stack buffer overflow in formStaticDHCP due to unsafe copy of hostname parameter - stack buffer overflow in formWsc due to unsafe copy of 'peerPin' parameter - arbitrary command execution in formSysCmd via the sysCmd parameter - arbitrary command injection in formWsc via the 'peerPin' parameter Exploitability of identified issues will differ based on what the end vendor/manufacturer did with the Realtek SDK webserver. Some vendors use it as-is, others add their own authentication implementation, some kept all the features from the server, some remove some of them, some inserted their own set of features. However, given that Realtek SDK implementation is full of insecure calls and that developers tends to re-use those examples in their custom code, any binary based on Realtek SDK webserver will probably contains its own set of issues on top of the Realtek ones (if kept). Successful exploitation of these issues allows remote attackers to gain arbitrary code execution on the device.
FIRST-EPSS: 0.971190000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-36267
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2022-36267. In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.
FIRST-EPSS: 0.694210000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-36267
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2022-36267. In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.
FIRST-EPSS: 0.694210000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-0282
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2024-0282. A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as problematic. This affects an unknown part of the file addmaterialsubmit.php. The manipulation of the argument tin leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249837 was assigned to this vulnerability.
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2024-0282
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2024-0282. A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as problematic. This affects an unknown part of the file addmaterialsubmit.php. The manipulation of the argument tin leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249837 was assigned to this vulnerability.
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
GHSA-x2xw-hw8g-6773
DESCRIPTION: Exploit Observer has 4 entries related to GHSA-X2XW-HW8G-6773. Pages that are indexed in search results have their entire contents indexed, including any HTML code snippets. These HTML snippets would appear in the search results unsanitised, so it was possible to render arbitrary HTML or run arbitrary scripts.
GHSA-x2xw-hw8g-6773
DESCRIPTION: Exploit Observer has 4 entries related to GHSA-X2XW-HW8G-6773. Pages that are indexed in search results have their entire contents indexed, including any HTML code snippets. These HTML snippets would appear in the search results unsanitised, so it was possible to render arbitrary HTML or run arbitrary scripts.