#ExploitObserverAlert
CVE-2024-22075
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2024-22075. Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.
FIRST-EPSS: 0.000460000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-52251
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2023-52251. An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.
#ExploitObserverAlert
CVE-2024-23644
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23644. Trillium is a composable toolkit for building internet applications with async Rust. In `trillium-http` prior to 0.3.12 and `trillium-client` prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over headers. This only affects use cases where attackers have control of request headers and can insert "\r\n" sequences, specifically when untrusted and unvalidated input is inserted into header names or values. Outbound `trillium_http::HeaderValue` and `trillium_http::HeaderName` can be constructed infallibly and were not checked for illegal bytes when sending requests from the client or responses from the server. Thus, if an attacker has sufficient control over header values (or names) in a request or response that they could inject `\r\n` sequences, they could get the client and server out of sync, and then pivot to gain control over other parts of requests or responses (e.g. exfiltrating data from other requests, SSRF, etc.). In `trillium-http` versions 0.3.12 and later, if a header name is invalid in server response headers, the specific header and any associated values are omitted from network transmission. Additionally, if a header value is invalid in server response headers, the individual header value is omitted from network transmission. Other header values with the same header name will still be sent. In `trillium-client` versions 0.5.4 and later, if any header name or header value is invalid in the client request headers, awaiting the client Conn returns an `Error::MalformedHeader` prior to any network access. As a workaround, Trillium services and client applications should sanitize or validate untrusted input that is included in header values and header names. Carriage return, newline, and null characters are not allowed.
#ExploitObserverAlert
WLB-2024010072
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024010072. Gabriels FTP Server 1.2 - Denial of Service.
#ExploitObserverAlert
CVE-2024-0490
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-0490. A vulnerability was found in Huaxia ERP up to 3.1. It has been rated as problematic. This issue affects some unknown processing of the file /user/getAllList. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-250595.
FIRST-EPSS: 0.000640000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-23648
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23648. Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends the user requesting a password change an email containing a URL to reset their password. The URL sent contains a unique token, valid for 24 hours, allowing the user to reset their password. This token is highly sensitive, as an attacker able to retrieve it would be able to reset the user's password. Prior to version 1.2.3, the reset-password URL is crafted using the "Host" HTTP header of the request sent to request a password reset. This way, an external attacker could send password requests for users, but specify a "Host" header of a website that they control. If the user receiving the mail clicks on the link, the attacker would retrieve the reset token of the victim and perform account takeover. Version 1.2.3 fixes this issue.
#ExploitObserverAlert
CVE-2023-43995
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2023-43995. An issue in picot.golf mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
#ExploitObserverAlert
CVE-2023-20218
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-20218. A vulnerability in the web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks. Cisco will not release software updates that address this vulnerability.
FIRST-EPSS: 0.000590000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2024-0713
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0713. A vulnerability was found in Monitorr 1.7.6m. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assets/php/upload.php of the component Services Configuration. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251539. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2023-1885
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-1885. Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2023-20702
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-20702. In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00921261; Issue ID: MOLY01128895.
FIRST-EPSS: 0.000800000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-22309
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-22309. Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI. This issue affects ChatBot with AI: from n/a through 5.1.0.
#ExploitObserverAlert
CVE-2023-50944
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-50944. Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.
#ExploitObserverAlert
CVE-2024-0192
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-0192. A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file downloadable.php of the component Add Downloadable. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249505 was assigned to this vulnerability.
FIRST-EPSS: 0.000510000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2022-39173
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to CVE-2022-39173. In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message.
FIRST-EPSS: 0.003080000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-21665
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-21665. ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and is able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in version 1.0.10.
FIRST-EPSS: 0.000480000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-20592
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-20592. Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
FIRST-EPSS: 0.000460000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-33758
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2023-33758. Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the CLIENT_NAME and DEVICE_GUID fields in the login component.
#ExploitObserverAlert
CVE-2023-0794
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-0794. Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
FIRST-EPSS: 0.000480000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
GHSA-cwx6-4wmf-c6xv
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-CWX6-4WMF-C6XV. The application allows creating zip files from available files on the site. The parameter "selectedIds" is susceptible to SQL Injection.
#ExploitObserverAlert
CVE-2023-47350
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-47350. Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit Content Management System prior to v1.2.0, allows remote attackers to escalate privileges via the user password update functionality.
FIRST-EPSS: 0.000580000
NVD-IS: 5.9
NVD-ES: 2.8