#ExploitObserverAlert
CVE-2023-50256
DESCRIPTION: Exploit Observer has 4 entries in 4 file formats related to CVE-2023-50256. Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.
FIRST-EPSS: 0.000520000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-50256
DESCRIPTION: Exploit Observer has 4 entries in 4 file formats related to CVE-2023-50256. Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.
FIRST-EPSS: 0.000520000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-23897
DESCRIPTION: Exploit Observer has 6 entries in 5 file formats related to CVE-2024-23897. Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
CVE-2024-23897
DESCRIPTION: Exploit Observer has 6 entries in 5 file formats related to CVE-2024-23897. Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
#ExploitObserverAlert
CVE-2023-5981
DESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to CVE-2023-5981. A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
FIRST-EPSS: 0.000710000
NVD-IS: 3.6
NVD-ES: 2.2
CVE-2023-5981
DESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to CVE-2023-5981. A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
FIRST-EPSS: 0.000710000
NVD-IS: 3.6
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2023-44001
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-44001. An issue in Ailand clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVE-2023-44001
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-44001. An issue in Ailand clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
#ExploitObserverAlert
PSS-176715
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176715. Ubuntu Security Notice USN-6597-1. Ubuntu Security Notice 6597-1 - It was discovered that Puma incorrectly handled parsing chunked transfer encoding bodies. A remote attacker could possibly use this issue to cause Puma to consume resources, leading to a denial of service.
PSS-176715
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176715. Ubuntu Security Notice USN-6597-1. Ubuntu Security Notice 6597-1 - It was discovered that Puma incorrectly handled parsing chunked transfer encoding bodies. A remote attacker could possibly use this issue to cause Puma to consume resources, leading to a denial of service.
#ExploitObserverAlert
CVE-2024-0265
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0265. A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249821 was assigned to this vulnerability.
FIRST-EPSS: 0.001070000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2024-0265
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0265. A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249821 was assigned to this vulnerability.
FIRST-EPSS: 0.001070000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
GHSA-j3m6-gvm8-mhvw
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-j3m6-gvm8-mhvw. Users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using the CSV import form, provided they have create permissions.
GHSA-j3m6-gvm8-mhvw
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-j3m6-gvm8-mhvw. Users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using the CSV import form, provided they have create permissions.
#ExploitObserverAlert
CVE-2023-32845
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-32845. In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01139296 (MSV-860).
FIRST-EPSS: 0.000800000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-32845
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-32845. In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01139296 (MSV-860).
FIRST-EPSS: 0.000800000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-48476
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2022-48476. In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible
FIRST-EPSS: 0.000900000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-48476
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2022-48476. In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible
FIRST-EPSS: 0.000900000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-24453
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-24453. A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.
FIRST-EPSS: 0.000480000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2023-24453
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-24453. A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.
FIRST-EPSS: 0.000480000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-4304
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-4304. Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.
FIRST-EPSS: 0.000440000
NVD-IS: 1.4
NVD-ES: 1.2
CVE-2023-4304
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-4304. Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.
FIRST-EPSS: 0.000440000
NVD-IS: 1.4
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2023-0789
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-0789. Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
FIRST-EPSS: 0.001010000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-0789
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-0789. Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
FIRST-EPSS: 0.001010000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-43992
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-43992. An issue in STOCKMAN GROUP mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVE-2023-43992
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-43992. An issue in STOCKMAN GROUP mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
#ExploitObserverAlert
CVE-2023-41474
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-41474. Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component.
CVE-2023-41474
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-41474. Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component.
#ExploitObserverAlert
WLB-2024010075
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024010075. MiniWeb HTTP Server 0.8.19 - Denied of Service (DoS).
WLB-2024010075
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024010075. MiniWeb HTTP Server 0.8.19 - Denied of Service (DoS).
#ExploitObserverAlert
GHSA-g5m6-hxpp-fc49
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-g5m6-hxpp-fc49. In SvelteKit 2 sending a GET request with a body eg {} to a SvelteKit app in preview or with adapter-node throws Request with GET/HEAD method cannot have body. and crashes the app.
GHSA-g5m6-hxpp-fc49
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-g5m6-hxpp-fc49. In SvelteKit 2 sending a GET request with a body eg {} to a SvelteKit app in preview or with adapter-node throws Request with GET/HEAD method cannot have body. and crashes the app.
#ExploitObserverAlert
PSS-176717
DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to PSS-176717. Debian Security Advisory 5605-1. Debian Linux Security Advisory 5605-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
PSS-176717
DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to PSS-176717. Debian Security Advisory 5605-1. Debian Linux Security Advisory 5605-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
#ExploitObserverAlert
CVE-2022-38152
DESCRIPTION: Exploit Observer has 7 entries in 5 file formats related to CVE-2022-38152. An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API.
FIRST-EPSS: 0.002470000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-38152
DESCRIPTION: Exploit Observer has 7 entries in 5 file formats related to CVE-2022-38152. An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API.
FIRST-EPSS: 0.002470000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-0533
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0533. A vulnerability was found in Tenda A15 15.13.07.13. It has been rated as critical. This issue affects some unknown processing of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250703. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.001140000
NVD-IS: 5.9
NVD-ES: 1.2
CVE-2024-0533
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0533. A vulnerability was found in Tenda A15 15.13.07.13. It has been rated as critical. This issue affects some unknown processing of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250703. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.001140000
NVD-IS: 5.9
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2024-23898
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-23898. Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller.
CVE-2024-23898
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-23898. Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller.
#ExploitObserverAlert
CVE-2023-43990
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-43990. An issue in cherub-hair mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVE-2023-43990
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-43990. An issue in cherub-hair mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.