#ExploitObserverAlert
CVE-2023-51064
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-51064. QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based reflected XSS vulnerability within the component qnme-ajax?method=tree_table.
CVE-2023-51064
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-51064. QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based reflected XSS vulnerability within the component qnme-ajax?method=tree_table.
#ExploitObserverAlert
CVE-2019-2684
DESCRIPTION: Exploit Observer has 41 entries in 3 file formats related to CVE-2019-2684. Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
FIRST-EPSS: 0.002730000
NVD-IS: 3.6
NVD-ES: 2.2
CVE-2019-2684
DESCRIPTION: Exploit Observer has 41 entries in 3 file formats related to CVE-2019-2684. Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
FIRST-EPSS: 0.002730000
NVD-IS: 3.6
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2022-41723
DESCRIPTION: Exploit Observer has 23 entries in 3 file formats related to CVE-2022-41723. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
FIRST-EPSS: 0.010310000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-41723
DESCRIPTION: Exploit Observer has 23 entries in 3 file formats related to CVE-2022-41723. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
FIRST-EPSS: 0.010310000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-3121
DESCRIPTION: Exploit Observer has 17 entries in 3 file formats related to CVE-2021-3121. An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
FIRST-EPSS: 0.008290000
NVD-IS: 4.7
NVD-ES: 3.9
CVE-2021-3121
DESCRIPTION: Exploit Observer has 17 entries in 3 file formats related to CVE-2021-3121. An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
FIRST-EPSS: 0.008290000
NVD-IS: 4.7
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-51071
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-51071. An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily disable the SMB service on a victim's Qstar instance by executing a specific command in a link.
CVE-2023-51071
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-51071. An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily disable the SMB service on a victim's Qstar instance by executing a specific command in a link.
#ExploitObserverAlert
CVE-2023-48909
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-48909. An issue was discovered in Jave2 version 3.3.1, allows attackers to execute arbitrary code via the FFmpeg function.
CVE-2023-48909
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-48909. An issue was discovered in Jave2 version 3.3.1, allows attackers to execute arbitrary code via the FFmpeg function.
#ExploitObserverAlert
CVE-2024-21639
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-21639. CEF (Chromium Embedded Framework ) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e.
CVE-2024-21639
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-21639. CEF (Chromium Embedded Framework ) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e.
#ExploitObserverAlert
CVE-2024-21887
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2024-21887. A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
NVD-IS: 6.0
NVD-ES: 2.3
CVE-2024-21887
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2024-21887. A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
NVD-IS: 6.0
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2022-35509
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2022-35509. An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information.
FIRST-EPSS: 0.000560000
NVD-IS: 2.7
NVD-ES: 2.3
CVE-2022-35509
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2022-35509. An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information.
FIRST-EPSS: 0.000560000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2019-7365
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2019-7365. DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious DLL file into the working directory, which may then leverage a DLL preloading vulnerability and execute code on the system.
FIRST-EPSS: 0.000720000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2019-7365
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2019-7365. DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious DLL file into the working directory, which may then leverage a DLL preloading vulnerability and execute code on the system.
FIRST-EPSS: 0.000720000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-51698
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-51698. Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.
CVE-2023-51698
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-51698. Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.
#ExploitObserverAlert
CVE-2023-49098
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-49098. Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939.
CVE-2023-49098
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-49098. Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939.
#ExploitObserverAlert
CVE-2022-29458
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2022-29458. ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
FIRST-EPSS: 0.001020000
NVD-IS: 5.2
NVD-ES: 1.8
CVE-2022-29458
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2022-29458. ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
FIRST-EPSS: 0.001020000
NVD-IS: 5.2
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-34470
DESCRIPTION: Exploit Observer has 7 entries in 3 file formats related to CVE-2021-34470. Microsoft Exchange Server Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000460000
NVD-IS: 5.9
NVD-ES: 2.1
CVE-2021-34470
DESCRIPTION: Exploit Observer has 7 entries in 3 file formats related to CVE-2021-34470. Microsoft Exchange Server Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000460000
NVD-IS: 5.9
NVD-ES: 2.1
#ExploitObserverAlert
CVE-2020-20300
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2020-20300. SQL injection vulnerability in the wp_where function in WeiPHP 5.0.
FIRST-EPSS: 0.161230000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-20300
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2020-20300. SQL injection vulnerability in the wp_where function in WeiPHP 5.0.
FIRST-EPSS: 0.161230000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-18922
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to CVE-2019-18922. A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product.
FIRST-EPSS: 0.310540000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2019-18922
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to CVE-2019-18922. A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product.
FIRST-EPSS: 0.310540000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-51805
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-51805. SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows a remote attacker to obtain sensitive information via the getFormKey parameter in the search function of FormDataMysqlService.java file.
CVE-2023-51805
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-51805. SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows a remote attacker to obtain sensitive information via the getFormKey parameter in the search function of FormDataMysqlService.java file.
#ExploitObserverAlert
CVE-2021-23899
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2021-23899. OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.
FIRST-EPSS: 0.002450000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-23899
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2021-23899. OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.
FIRST-EPSS: 0.002450000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-51067
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-51067. An unauthenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link.
CVE-2023-51067
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-51067. An unauthenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link.
#ExploitObserverAlert
CVE-2024-21654
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-21654. Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of email account takeover. However, a workaround on the forgotten password form allows an attacker to bypass the MFA requirement and takeover the account. This vulnerability has been patched in commit 0b3272a.
CVE-2024-21654
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-21654. Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of email account takeover. However, a workaround on the forgotten password form allows an attacker to bypass the MFA requirement and takeover the account. This vulnerability has been patched in commit 0b3272a.
#ExploitObserverAlert
CVE-2023-31714
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2023-31714. Chitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities.
FIRST-EPSS: 0.005350000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-31714
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2023-31714. Chitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities.
FIRST-EPSS: 0.005350000
NVD-IS: 5.9
NVD-ES: 3.9