#ExploitObserverAlert
CVE-2024-20253
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-20253. A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.
CVE-2024-20253
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-20253. A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.
#ExploitObserverAlert
CVE-2024-0929
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0929. A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been rated as critical. Affected by this issue is the function fromNatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252134 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0929
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0929. A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been rated as critical. Affected by this issue is the function fromNatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252134 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
CVE-2024-0923
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0923. A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this issue is the function formSetDeviceName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0923
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0923. A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this issue is the function formSetDeviceName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
GHSA-4957-7vhp-7v59
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to GHSA-4957-7vhp-7v59. A vulnerability, which was classified as critical, has been found in van_der_Schaar LAB synthcity 0.2.9. Affected by this issue is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252182 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early and confirmed immediately the existence of the issue. A patch is planned to be released in February 2024.
GHSA-4957-7vhp-7v59
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to GHSA-4957-7vhp-7v59. A vulnerability, which was classified as critical, has been found in van_der_Schaar LAB synthcity 0.2.9. Affected by this issue is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252182 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early and confirmed immediately the existence of the issue. A patch is planned to be released in February 2024.
#ExploitObserverAlert
GHSA-2532-vm9m-g275
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-2532-vm9m-g275. A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function formSetPPTPServer. The manipulation of the argument startIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252129 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
GHSA-2532-vm9m-g275
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-2532-vm9m-g275. A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function formSetPPTPServer. The manipulation of the argument startIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252129 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
CVE-2024-0938
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0938. A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file /general/email/inbox/delete_webmail.php. The manipulation of the argument WEBBODY_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252183. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0938
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0938. A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file /general/email/inbox/delete_webmail.php. The manipulation of the argument WEBBODY_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252183. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
CVE-2022-34729
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2022-34729. Windows GDI Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000430000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2022-34729
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2022-34729. Windows GDI Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000430000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2024-0941
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0941. A vulnerability was found in Novel-Plus 4.3.0-RC1 and classified as critical. This issue affects some unknown processing of the file /novel/bookComment/list. The manipulation of the argument sort leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-252185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0941
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0941. A vulnerability was found in Novel-Plus 4.3.0-RC1 and classified as critical. This issue affects some unknown processing of the file /novel/bookComment/list. The manipulation of the argument sort leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-252185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
CVE-2024-22860
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-22860. Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.
CVE-2024-22860
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-22860. Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.
#ExploitObserverAlert
CVE-2024-0930
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0930. A vulnerability classified as critical has been found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252135. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0930
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0930. A vulnerability classified as critical has been found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252135. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
CVE-2024-0623
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2024-0623. The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbp_clear_patterns_cache() function. This makes it possible for unauthenticated attackers to clear the patterns cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
FIRST-EPSS: 0.000520000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2024-0623
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2024-0623. The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbp_clear_patterns_cache() function. This makes it possible for unauthenticated attackers to clear the patterns cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
FIRST-EPSS: 0.000520000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2024-0918
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0918. A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0918
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0918. A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
CVE-2024-0688
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2024-0688. The "WebSub (FKA. PubSubHubbub)" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-0688
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2024-0688. The "WebSub (FKA. PubSubHubbub)" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
#ExploitObserverAlert
CVE-2024-0924
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0924. A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function formSetPPTPServer. The manipulation of the argument startIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252129 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0924
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0924. A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function formSetPPTPServer. The manipulation of the argument startIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252129 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
CVE-2024-22550
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22550. An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVE-2024-22550
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22550. An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file.
#ExploitObserverAlert
GHSA-3rg4-qgv3-4987
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-3rg4-qgv3-4987. Microsoft Edge for Android Information Disclosure Vulnerability
GHSA-3rg4-qgv3-4987
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-3rg4-qgv3-4987. Microsoft Edge for Android Information Disclosure Vulnerability
#ExploitObserverAlert
CVE-2022-30206
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to CVE-2022-30206. Windows Print Spooler Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000430000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2022-30206
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to CVE-2022-30206. Windows Print Spooler Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000430000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2024-0919
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0919. A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function do_setNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0919
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0919. A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function do_setNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
CVE-2024-0939
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0939. A vulnerability has been found in Beijing Baichuo Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0939
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0939. A vulnerability has been found in Beijing Baichuo Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
CVE-2024-22861
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-22861. Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module.
CVE-2024-22861
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-22861. Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module.
#ExploitObserverAlert
CVE-2024-21385
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-21385. Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
NVD-IS: 6.0
NVD-ES: 1.6
CVE-2024-21385
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-21385. Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
NVD-IS: 6.0
NVD-ES: 1.6