#ExploitObserverAlert
GHSA-g273-wppx-82w4
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-G273-WPPX-82W4. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure.
GHSS: 6.5
GHSA-g273-wppx-82w4
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-G273-WPPX-82W4. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure.
GHSS: 6.5
#ExploitObserverAlert
CVE-2021-30497
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to CVE-2021-30497. Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value.
FIRST-EPSS: 0.963550000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2021-30497
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to CVE-2021-30497. Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value.
FIRST-EPSS: 0.963550000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-38180
DESCRIPTION: Exploit Observer has 7 entries in 3 file formats related to CVE-2023-38180. .NET and Visual Studio Denial of Service Vulnerability
FIRST-EPSS: 0.010490000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-38180
DESCRIPTION: Exploit Observer has 7 entries in 3 file formats related to CVE-2023-38180. .NET and Visual Studio Denial of Service Vulnerability
FIRST-EPSS: 0.010490000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-36883
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to CVE-2022-36883. A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.
FIRST-EPSS: 0.013280000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-36883
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to CVE-2022-36883. A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.
FIRST-EPSS: 0.013280000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-3912
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2019-3912. An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary web sites.
FIRST-EPSS: 0.001600000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2019-3912
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2019-3912. An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary web sites.
FIRST-EPSS: 0.001600000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-33807
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to CVE-2021-33807. Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData.
FIRST-EPSS: 0.023310000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2021-33807
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to CVE-2021-33807. Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData.
FIRST-EPSS: 0.023310000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2003-0681
DESCRIPTION: Exploit Observer has 41 entries in 3 file formats related to CVE-2003-0681. A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
FIRST-EPSS: 0.008310000
NVD-IS: 6.4
NVD-ES: 10.0
CVE-2003-0681
DESCRIPTION: Exploit Observer has 41 entries in 3 file formats related to CVE-2003-0681. A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
FIRST-EPSS: 0.008310000
NVD-IS: 6.4
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2023-46219
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2023-46219. When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.
FIRST-EPSS: 0.000520000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2023-46219
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2023-46219. When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.
FIRST-EPSS: 0.000520000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-42916
DESCRIPTION: Exploit Observer has 22 entries in 2 file formats related to CVE-2022-42916. In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.
FIRST-EPSS: 0.001100000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-42916
DESCRIPTION: Exploit Observer has 22 entries in 2 file formats related to CVE-2022-42916. In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.
FIRST-EPSS: 0.001100000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-37538
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2021-37538. Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller.
FIRST-EPSS: 0.028190000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-37538
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2021-37538. Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller.
FIRST-EPSS: 0.028190000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-35338
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2020-35338. The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier has a default account with a password of "pokon."
FIRST-EPSS: 0.256160000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-35338
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2020-35338. The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier has a default account with a password of "pokon."
FIRST-EPSS: 0.256160000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-51804
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-51804. An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file.
CVE-2023-51804
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-51804. An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file.
#ExploitObserverAlert
CVE-2023-51070
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-51070. An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server.
CVE-2023-51070
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-51070. An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server.
#ExploitObserverAlert
CVE-2023-7024
DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to CVE-2023-7024. Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.003610000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-7024
DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to CVE-2023-7024. Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.003610000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-28407
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2020-28407. In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.
FIRST-EPSS: 0.000420000
NVD-IS: 5.2
NVD-ES: 1.8
CVE-2020-28407
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2020-28407. In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.
FIRST-EPSS: 0.000420000
NVD-IS: 5.2
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2020-2944
DESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to CVE-2020-2944. Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
FIRST-EPSS: 0.001010000
NVD-IS: 6.0
NVD-ES: 2.0
CVE-2020-2944
DESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to CVE-2020-2944. Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
FIRST-EPSS: 0.001010000
NVD-IS: 6.0
NVD-ES: 2.0
#ExploitObserverAlert
CVE-2021-22922
DESCRIPTION: Exploit Observer has 14 entries in 3 file formats related to CVE-2021-22922. When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.
FIRST-EPSS: 0.001780000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2021-22922
DESCRIPTION: Exploit Observer has 14 entries in 3 file formats related to CVE-2021-22922. When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.
FIRST-EPSS: 0.001780000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2024-21667
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-21667. pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not enforced when reaching the `/admin/customermanagementframework/gdpr-data/search-data-objects` endpoint allowing an authenticated user without the permissions to access the endpoint and query the data available there. An unauthorized user can access PII data from customers. This vulnerability has been patched in version 4.0.6.
CVE-2024-21667
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-21667. pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not enforced when reaching the `/admin/customermanagementframework/gdpr-data/search-data-objects` endpoint allowing an authenticated user without the permissions to access the endpoint and query the data available there. An unauthorized user can access PII data from customers. This vulnerability has been patched in version 4.0.6.
#ExploitObserverAlert
GHSA-4553-hq82-8654
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-4553-HQ82-8654. This advisory has been withdrawn because it is a duplicate of GHSA-3px7-jm2p-6h2c. This link is maintained to preserve external references.
GHSS: 7.5
GHSA-4553-hq82-8654
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-4553-HQ82-8654. This advisory has been withdrawn because it is a duplicate of GHSA-3px7-jm2p-6h2c. This link is maintained to preserve external references.
GHSS: 7.5
#ExploitObserverAlert
CVE-2021-41072
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2021-41072. squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.
FIRST-EPSS: 0.002930000
NVD-IS: 5.2
NVD-ES: 2.8
CVE-2021-41072
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2021-41072. squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.
FIRST-EPSS: 0.002930000
NVD-IS: 5.2
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-27518
DESCRIPTION: Exploit Observer has 10 entries in 2 file formats related to CVE-2022-27518. Unauthenticated remote arbitrary code execution
FIRST-EPSS: 0.042960000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-27518
DESCRIPTION: Exploit Observer has 10 entries in 2 file formats related to CVE-2022-27518. Unauthenticated remote arbitrary code execution
FIRST-EPSS: 0.042960000
NVD-IS: 5.9
NVD-ES: 3.9