#ExploitObserverAlert
PSS-176789
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176789. Atlassian Confluence SSTI Injection. This Metasploit module exploits an SSTI injection in Atlassian Confluence servers. A specially crafted HTTP request uses the injection to evaluate an OGNL expression resulting in OS command execution. Versions 8.5.0 through 8.5.3 and 8.0 to 8.4 are known to be vulnerable.
PSS-176789
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176789. Atlassian Confluence SSTI Injection. This Metasploit module exploits an SSTI injection in Atlassian Confluence servers. A specially crafted HTTP request uses the injection to evaluate an OGNL expression resulting in OS command execution. Versions 8.5.0 through 8.5.3 and 8.0 to 8.4 are known to be vulnerable.
#ExploitObserverAlert
GHSA-rwf9-8fqr-p44m
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to GHSA-rwf9-8fqr-p44m. Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rouge endpoint via which it was possible to control response for certain request which could be injected with XSS payloads leading to XSS while processing the response data.
GHSA-rwf9-8fqr-p44m
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to GHSA-rwf9-8fqr-p44m. Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rouge endpoint via which it was possible to control response for certain request which could be injected with XSS payloads leading to XSS while processing the response data.
#ExploitObserverAlert
CVE-2021-22060
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2021-22060. In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.
FIRST-EPSS: 0.000540000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2021-22060
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2021-22060. In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.
FIRST-EPSS: 0.000540000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-29265
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2022-29265. Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: - EvaluateXPath - EvaluateXQuery - ValidateXml Apache NiFi flow configurations that include these Processors are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services.
FIRST-EPSS: 0.001270000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-29265
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2022-29265. Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: - EvaluateXPath - EvaluateXQuery - ValidateXml Apache NiFi flow configurations that include these Processors are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services.
FIRST-EPSS: 0.001270000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-7021
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2020-7021. Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.
FIRST-EPSS: 0.000650000
NVD-IS: 3.6
NVD-ES: 1.2
CVE-2020-7021
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2020-7021. Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.
FIRST-EPSS: 0.000650000
NVD-IS: 3.6
NVD-ES: 1.2
#ExploitObserverAlert
PSS-176798
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176798. Apple Security Advisory 01-22-2024-3. Apple Security Advisory 01-22-2024-3 - iOS 16.7.5 and iPadOS 16.7.5 addresses code execution vulnerabilities.
PSS-176798
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176798. Apple Security Advisory 01-22-2024-3. Apple Security Advisory 01-22-2024-3 - iOS 16.7.5 and iPadOS 16.7.5 addresses code execution vulnerabilities.
#ExploitObserverAlert
CVE-2022-28732
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2022-28732. A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.
FIRST-EPSS: 0.003650000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2022-28732
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2022-28732. A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.
FIRST-EPSS: 0.003650000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-24947
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2022-24947. Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later.
FIRST-EPSS: 0.000910000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2022-24947
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2022-24947. Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later.
FIRST-EPSS: 0.000910000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-46364
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to CVE-2022-46364. A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
FIRST-EPSS: 0.028500000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-46364
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to CVE-2022-46364. A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
FIRST-EPSS: 0.028500000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
PSS-176780
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176780. Ubuntu Security Notice USN-6603-1. Ubuntu Security Notice 6603-1 - It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information. Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf subsystem in the Linux kernel did not properly validate all event sizes when attaching new events, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
PSS-176780
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176780. Ubuntu Security Notice USN-6603-1. Ubuntu Security Notice 6603-1 - It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information. Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf subsystem in the Linux kernel did not properly validate all event sizes when attaching new events, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
#ExploitObserverAlert
WLB-2024010080
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024010080. YahooPOPs 1.6 - SMTP - Denial of Service (DoS).
WLB-2024010080
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024010080. YahooPOPs 1.6 - SMTP - Denial of Service (DoS).
#ExploitObserverAlert
GHSA-7695-f938-c2jf
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-7695-f938-c2jf. Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW.
GHSA-7695-f938-c2jf
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-7695-f938-c2jf. Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW.
#ExploitObserverAlert
CVE-2021-42342
DESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to CVE-2021-42342. An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts.
FIRST-EPSS: 0.040180000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-42342
DESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to CVE-2021-42342. An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts.
FIRST-EPSS: 0.040180000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-26049
DESCRIPTION: Exploit Observer has 9 entries in 4 file formats related to CVE-2023-26049. Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue.
FIRST-EPSS: 0.001720000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2023-26049
DESCRIPTION: Exploit Observer has 9 entries in 4 file formats related to CVE-2023-26049. Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue.
FIRST-EPSS: 0.001720000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-27838
DESCRIPTION: Exploit Observer has 6 entries in 5 file formats related to CVE-2020-27838. A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.
FIRST-EPSS: 0.081350000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2020-27838
DESCRIPTION: Exploit Observer has 6 entries in 5 file formats related to CVE-2020-27838. A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.
FIRST-EPSS: 0.081350000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
PSS-176784
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176784. YahooPOPs 1.6 Denial Of Service. YahooPOPs version 1.6 remote denial of service exploit.
PSS-176784
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176784. YahooPOPs 1.6 Denial Of Service. YahooPOPs version 1.6 remote denial of service exploit.
#ExploitObserverAlert
CVE-2021-3632
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2021-3632. A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.
FIRST-EPSS: 0.001630000
NVD-IS: 5.9
NVD-ES: 1.6
CVE-2021-3632
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2021-3632. A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.
FIRST-EPSS: 0.001630000
NVD-IS: 5.9
NVD-ES: 1.6
#ExploitObserverAlert
PSS-176781
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176781. Ubuntu Security Notice USN-6604-1. Ubuntu Security Notice 6604-1 - It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service. Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information.
PSS-176781
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176781. Ubuntu Security Notice USN-6604-1. Ubuntu Security Notice 6604-1 - It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service. Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information.
#ExploitObserverAlert
PSS-176793
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176793. Vinchin Backup And Recovery 7.2 syncNtpTime Command Injection. Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the syncNtpTime function.
PSS-176793
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176793. Vinchin Backup And Recovery 7.2 syncNtpTime Command Injection. Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the syncNtpTime function.
#ExploitObserverAlert
CVE-2021-3827
DESCRIPTION: Exploit Observer has 5 entries in 4 file formats related to CVE-2021-3827. A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity.
FIRST-EPSS: 0.001130000
NVD-IS: 5.2
NVD-ES: 1.6
CVE-2021-3827
DESCRIPTION: Exploit Observer has 5 entries in 4 file formats related to CVE-2021-3827. A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity.
FIRST-EPSS: 0.001130000
NVD-IS: 5.2
NVD-ES: 1.6
#ExploitObserverAlert
PSS-176796
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176796. Vinchin Backup And Recovery 7.2 SystemHandler.class.php Command Injection. Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in SystemHandler.class.php.
PSS-176796
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176796. Vinchin Backup And Recovery 7.2 SystemHandler.class.php Command Injection. Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in SystemHandler.class.php.