#ExploitObserverAlert
CVE-2023-22527
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2023-22527. A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
FIRST-EPSS: 0.000440000
#ExploitObserverAlert
CVE-2023-6395
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2023-6395. The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server.
FIRST-EPSS: 0.000640000
#ExploitObserverAlert
CVE-2023-43955
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-43955. The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files, and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData.
FIRST-EPSS: 0.002610000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
MSF/exploit_linux/local/ansible_node_deployer
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to MSF/EXPLOIT_LINUX/LOCAL/ANSIBLE_NODE_DEPLOYER. This exploit module creates an Ansible module for deployment to nodes in the network. It creates a new YAML playbook which copies our payload, chmods it, then runs it on all targets which have been selected (default all).
#ExploitObserverAlert
GHSA-85rf-xh54-whp3
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-85RF-XH54-WHP3. A path traversal vulnerability was detected in iodine's static file service. This vulnerability affects any application running iodine's static file server on an affected iodine version.
#ExploitObserverAlert
CVE-2022-1223
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2022-1223. Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
FIRST-EPSS: 0.000610000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2024-22409
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-22409. DataHub is an open-source metadata platform. In affected versions a low privileged user could remove a user, edit group members, or edit another user's profile information. The default privileges gave too many broad permissions to low privileged users. These have been constrained in PR #9067 to prevent abuse. This issue can result in privilege escalation for lower privileged users up to admin privileges, potentially, if a group with admin privileges exists. May not impact instances that have modified default privileges. This issue has been addressed in datahub version 0.12.1. Users are advised to upgrade.
#ExploitObserverAlert
ZDI-23-1836
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to ZDI-23-1836. Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-44452.
#ExploitObserverAlert
CVE-2024-22920
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-22920. swftools 0.9.2 was discovered to contain a heap-use-after-free via the function bufferWriteData in swftools/lib/action/compile.c.
#ExploitObserverAlert
CVE-2024-22914
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-22914. A heap-use-after-free was found in SWFTools v0.9.2, in the function input at lex.swf5.c:2620. It allows an attacker to cause denial of service.
#ExploitObserverAlert
GHSA-4m5p-5w5w-3jcf
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-4M5P-5W5W-3JCF. All id-providers using lib-auth login method. lib-auth should invalidate old session after login and replicate session attributes in a new one, however this is not the behavior in affected versions.
#ExploitObserverAlert
CVE-2023-38596
DESCRIPTION: Exploit Observer has 10 entries in 2 file formats related to CVE-2023-38596. The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may fail to enforce App Transport Security.
FIRST-EPSS: 0.000540000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2024-22075
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2024-22075. Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.
FIRST-EPSS: 0.000460000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-52251
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2023-52251. An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.
#ExploitObserverAlert
CVE-2024-23644
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23644. Trillium is a composable toolkit for building internet applications with async Rust. In `trillium-http` prior to 0.3.12 and `trillium-client` prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over headers. This only affects use cases where attackers have control of request headers, and can insert "\r\n" sequences. Specifically, if untrusted and unvalidated input is inserted into header names or values. Outbound `trillium_http::HeaderValue` and `trillium_http::HeaderName` can be constructed infallibly and were not checked for illegal bytes when sending requests from the client or responses from the server. Thus, if an attacker has sufficient control over header values (or names) in a request or response that they could inject `\r\n` sequences, they could get the client and server out of sync, and then pivot to gain control over other parts of requests or responses. (i.e. exfiltrating data from other requests, SSRF, etc.) In `trillium-http` versions 0.3.12 and later, if a header name is invalid in server response headers, the specific header and any associated values are omitted from network transmission. Additionally, if a header value is invalid in server response headers, the individual header value is omitted from network transmission. Other header values with the same header name will still be sent. In `trillium-client` versions 0.5.4 and later, if any header name or header value is invalid in the client request headers, awaiting the client Conn returns an `Error::MalformedHeader` prior to any network access. As a workaround, Trillium services and client applications should sanitize or validate untrusted input that is included in header values and header names. Carriage return, newline, and null characters are not allowed.
#ExploitObserverAlert
WLB-2024010072
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024010072. Gabriels FTP Server 1.2 - Denial of Service.
#ExploitObserverAlert
CVE-2024-0490
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-0490. A vulnerability was found in Huaxia ERP up to 3.1. It has been rated as problematic. This issue affects some unknown processing of the file /user/getAllList. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-250595.
FIRST-EPSS: 0.000640000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-23648
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23648. Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends the user requesting a password change an email containing a URL to reset their password. The URL sent contains a unique token, valid for 24 hours, allowing the user to reset their password. This token is highly sensitive, as an attacker able to retrieve it would be able to reset the user's password. Prior to version 1.2.3, the reset-password URL is crafted using the "Host" HTTP header of the request sent to request a password reset. This way, an external attacker could send password requests for users, but specify a "Host" header of a website that they control. If the user receiving the mail clicks on the link, the attacker would retrieve the reset token of the victim and perform account takeover. Version 1.2.3 fixes this issue.
#ExploitObserverAlert
CVE-2023-43995
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2023-43995. An issue in picot.golf mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
#ExploitObserverAlert
CVE-2023-20218
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-20218. A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks. Cisco will not release software updates that address this vulnerability.
FIRST-EPSS: 0.000590000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2024-0713
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0713. A vulnerability was found in Monitorr 1.7.6m. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assets/php/upload.php of the component Services Configuration. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251539. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.000450000