#ExploitObserverAlert
CVE-2021-35395
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-35395. Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exists: one based on Go-Ahead named webs and another based on Boa named boa. Both of them are affected by these vulnerabilities. Specifically, these binaries are vulnerable to the following issues: - stack buffer overflow in formRebootCheck due to unsafe copy of submit-url parameter - stack buffer overflow in formWsc due to unsafe copy of submit-url parameter - stack buffer overflow in formWlanMultipleAP due to unsafe copy of submit-url parameter - stack buffer overflow in formWlSiteSurvey due to unsafe copy of ifname parameter - stack buffer overflow in formStaticDHCP due to unsafe copy of hostname parameter - stack buffer overflow in formWsc due to unsafe copy of 'peerPin' parameter - arbitrary command execution in formSysCmd via the sysCmd parameter - arbitrary command injection in formWsc via the 'peerPin' parameter Exploitability of identified issues will differ based on what the end vendor/manufacturer did with the Realtek SDK webserver. Some vendors use it as-is, others add their own authentication implementation, some kept all the features from the server, some remove some of them, some inserted their own set of features. However, given that Realtek SDK implementation is full of insecure calls and that developers tends to re-use those examples in their custom code, any binary based on Realtek SDK webserver will probably contains its own set of issues on top of the Realtek ones (if kept). Successful exploitation of these issues allows remote attackers to gain arbitrary code execution on the device.
FIRST-EPSS: 0.971190000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-35395
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-35395. Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exists: one based on Go-Ahead named webs and another based on Boa named boa. Both of them are affected by these vulnerabilities. Specifically, these binaries are vulnerable to the following issues: - stack buffer overflow in formRebootCheck due to unsafe copy of submit-url parameter - stack buffer overflow in formWsc due to unsafe copy of submit-url parameter - stack buffer overflow in formWlanMultipleAP due to unsafe copy of submit-url parameter - stack buffer overflow in formWlSiteSurvey due to unsafe copy of ifname parameter - stack buffer overflow in formStaticDHCP due to unsafe copy of hostname parameter - stack buffer overflow in formWsc due to unsafe copy of 'peerPin' parameter - arbitrary command execution in formSysCmd via the sysCmd parameter - arbitrary command injection in formWsc via the 'peerPin' parameter Exploitability of identified issues will differ based on what the end vendor/manufacturer did with the Realtek SDK webserver. Some vendors use it as-is, others add their own authentication implementation, some kept all the features from the server, some remove some of them, some inserted their own set of features. However, given that Realtek SDK implementation is full of insecure calls and that developers tends to re-use those examples in their custom code, any binary based on Realtek SDK webserver will probably contains its own set of issues on top of the Realtek ones (if kept). Successful exploitation of these issues allows remote attackers to gain arbitrary code execution on the device.
FIRST-EPSS: 0.971190000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-36267
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2022-36267. In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.
FIRST-EPSS: 0.694210000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-36267
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2022-36267. In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.
FIRST-EPSS: 0.694210000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-0282
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2024-0282. A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as problematic. This affects an unknown part of the file addmaterialsubmit.php. The manipulation of the argument tin leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249837 was assigned to this vulnerability.
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2024-0282
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2024-0282. A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as problematic. This affects an unknown part of the file addmaterialsubmit.php. The manipulation of the argument tin leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249837 was assigned to this vulnerability.
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
GHSA-x2xw-hw8g-6773
DESCRIPTION: Exploit Observer has 4 entries related to GHSA-X2XW-HW8G-6773. Pages that are indexed in search results have their entire contents indexed, including any HTML code snippets. These HTML snippets would appear in the search results unsanitised, so it was possible to render arbitrary HTML or run arbitrary scripts.
GHSA-x2xw-hw8g-6773
DESCRIPTION: Exploit Observer has 4 entries related to GHSA-X2XW-HW8G-6773. Pages that are indexed in search results have their entire contents indexed, including any HTML code snippets. These HTML snippets would appear in the search results unsanitised, so it was possible to render arbitrary HTML or run arbitrary scripts.
#ExploitObserverAlert
CVE-2023-7212
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-7212. A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. Affected is an unknown function of the file file_class.php of the component Backend. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249768. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-7212
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-7212. A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. Affected is an unknown function of the file file_class.php of the component Backend. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249768. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
CVE-2016-9564
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2016-9564. Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters.
FIRST-EPSS: 0.002620000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2016-9564
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2016-9564. Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters.
FIRST-EPSS: 0.002620000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-9976
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2019-9976. The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users.
FIRST-EPSS: 0.001040000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2019-9976
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2019-9976. The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users.
FIRST-EPSS: 0.001040000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-2585
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2022-2585.
CVE-2022-2585
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2022-2585.
#ExploitObserverAlert
CVE-2023-28588
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-28588. Transient DOS in Bluetooth Host while rfc slot allocation.
FIRST-EPSS: 0.000460000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-28588
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-28588. Transient DOS in Bluetooth Host while rfc slot allocation.
FIRST-EPSS: 0.000460000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-7028
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-7028. An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
GITLAB-IS: 10.0
CVE-2023-7028
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-7028. An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
GITLAB-IS: 10.0
#ExploitObserverAlert
CVE-2023-5631
DESCRIPTION: Exploit Observer has 14 entries in 3 file formats related to CVE-2023-5631. Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.
FIRST-EPSS: 0.006800000
NVD-IS: 2.7
NVD-ES: 2.3
CVE-2023-5631
DESCRIPTION: Exploit Observer has 14 entries in 3 file formats related to CVE-2023-5631. Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.
FIRST-EPSS: 0.006800000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2021-34606
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2021-34606. A vulnerability exists in XINJE XD/E Series PLC Program Tool in versions up to v3.5.1 that can allow an authenticated, local attacker to load a malicious DLL. Local access is required to successfully exploit this vulnerability. This means the potential attacker must have access to the system and sufficient file-write privileges. If exploited, the attacker could place a malicious DLL file on the system, that when running XINJE XD/E Series PLC Program Tool will allow the attacker to execute arbitrary code with the privileges of another user's account.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.3
CVE-2021-34606
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2021-34606. A vulnerability exists in XINJE XD/E Series PLC Program Tool in versions up to v3.5.1 that can allow an authenticated, local attacker to load a malicious DLL. Local access is required to successfully exploit this vulnerability. This means the potential attacker must have access to the system and sufficient file-write privileges. If exploited, the attacker could place a malicious DLL file on the system, that when running XINJE XD/E Series PLC Program Tool will allow the attacker to execute arbitrary code with the privileges of another user's account.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.3
#ExploitObserverAlert
CVE-2023-49099
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-49099. Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4.
CVE-2023-49099
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-49099. Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4.
#ExploitObserverAlert
CVE-2022-4962
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2022-4962. A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /users of the component Configuration Center. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-250430 is the identifier assigned to this vulnerability. NOTE: The maintainer explains that user data information like user id, name, and email are not sensitive.
CVE-2022-4962
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2022-4962. A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /users of the component Configuration Center. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-250430 is the identifier assigned to this vulnerability. NOTE: The maintainer explains that user data information like user id, name, and email are not sensitive.
#ExploitObserverAlert
CVE-2024-22206
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-22206. Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.
CVE-2024-22206
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-22206. Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.
#ExploitObserverAlert
CVE-2023-6448
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2023-6448. Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system.
FIRST-EPSS: 0.068430000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-6448
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2023-6448. Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system.
FIRST-EPSS: 0.068430000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-12962
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2019-12962. LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header.
FIRST-EPSS: 0.206890000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2019-12962
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2019-12962. LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header.
FIRST-EPSS: 0.206890000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-51806
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-51806. File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file.
CVE-2023-51806
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-51806. File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file.
#ExploitObserverAlert
CVE-2021-44152
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to CVE-2021-44152. An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid users from accessing the system and granting the attacker full access to that user's account.
FIRST-EPSS: 0.865970000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-44152
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to CVE-2021-44152. An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid users from accessing the system and granting the attacker full access to that user's account.
FIRST-EPSS: 0.865970000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-35413
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to CVE-2022-35413. WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.
FIRST-EPSS: 0.622570000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-35413
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to CVE-2022-35413. WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.
FIRST-EPSS: 0.622570000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-31747
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2023-31747. Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges.
FIRST-EPSS: 0.000520000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-31747
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2023-31747. Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges.
FIRST-EPSS: 0.000520000
NVD-IS: 5.9
NVD-ES: 1.8