#ExploitObserverAlert
CVE-2024-0928
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0928. A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been declared as critical. Affected by this vulnerability is the function fromDhcpListClient. The manipulation of the argument page/listN leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0928
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0928. A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been declared as critical. Affected by this vulnerability is the function fromDhcpListClient. The manipulation of the argument page/listN leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
CVE-2024-0927
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0927. A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been classified as critical. Affected is the function fromAddressNat. The manipulation of the argument entrys/mitInterface/page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252132. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0927
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0927. A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been classified as critical. Affected is the function fromAddressNat. The manipulation of the argument entrys/mitInterface/page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252132. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
GHSA-47g8-q2w5-x9jm
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to GHSA-47g8-q2w5-x9jm. The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.7. This is due to missing or incorrect nonce validation on the pmpro_update_level_order() function. This makes it possible for unauthenticated attackers to update the order of levels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
GHSA-47g8-q2w5-x9jm
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to GHSA-47g8-q2w5-x9jm. The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.7. This is due to missing or incorrect nonce validation on the pmpro_update_level_order() function. This makes it possible for unauthenticated attackers to update the order of levels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
#ExploitObserverAlert
CVE-2024-0921
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0921. A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setDeviceSettings of the component Web Interface. The manipulation of the argument statuscheckpppoeuser leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252139.
CVE-2024-0921
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0921. A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setDeviceSettings of the component Web Interface. The manipulation of the argument statuscheckpppoeuser leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252139.
#ExploitObserverAlert
CVE-2024-0697
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-0697. The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information.
CVE-2024-0697
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-0697. The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information.
#ExploitObserverAlert
CVE-2024-22862
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-22862. Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser.
CVE-2024-22862
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-22862. Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser.
#ExploitObserverAlert
CVE-2024-0922
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0922. A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this vulnerability is the function formQuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252127. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0922
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0922. A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this vulnerability is the function formQuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252127. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
GHSA-2wfv-qg7w-f9pc
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-2wfv-qg7w-f9pc. A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodecreate.php, in the taxcodeid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.
GHSA-2wfv-qg7w-f9pc
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-2wfv-qg7w-f9pc. A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodecreate.php, in the taxcodeid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.
#ExploitObserverAlert
GHSA-q7vr-846r-64q8
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-q7vr-846r-64q8. A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grndisplay.php, in the grnno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.
GHSA-q7vr-846r-64q8
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-q7vr-846r-64q8. A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grndisplay.php, in the grnno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.
#ExploitObserverAlert
GHSA-3prp-hmjp-8qm4
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-3prp-hmjp-8qm4. Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
GHSA-3prp-hmjp-8qm4
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-3prp-hmjp-8qm4. Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
#ExploitObserverAlert
GHSA-jwv8-g456-8jg2
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to GHSA-jwv8-g456-8jg2. A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to bypass Privacy preferences.
GHSA-jwv8-g456-8jg2
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to GHSA-jwv8-g456-8jg2. A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to bypass Privacy preferences.
#ExploitObserverAlert
GHSA-j48h-6x68-4fc5
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to GHSA-j48h-6x68-4fc5. Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support SystemVer.4.0.31 and earlier improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
GHSA-j48h-6x68-4fc5
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to GHSA-j48h-6x68-4fc5. Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support SystemVer.4.0.31 and earlier improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
#ExploitObserverAlert
WLB-2024010082
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024010082. Developed By Next Come To Us - Blind Sql Injection.
WLB-2024010082
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024010082. Developed By Next Come To Us - Blind Sql Injection.
#ExploitObserverAlert
WLB-2024010083
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024010083. Savant 3.0 - Denied of Service (DoS).
WLB-2024010083
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024010083. Savant 3.0 - Denied of Service (DoS).
#ExploitObserverAlert
GHSA-hhq2-9p38-jwh9
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-hhq2-9p38-jwh9. Improper checking of AP-S lock bit while verifying the secure resource group permissions can lead to non secure read and write access in Snapdragon Connectivity, Snapdragon Mobile
GHSA-hhq2-9p38-jwh9
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-hhq2-9p38-jwh9. Improper checking of AP-S lock bit while verifying the secure resource group permissions can lead to non secure read and write access in Snapdragon Connectivity, Snapdragon Mobile
#ExploitObserverAlert
GHSA-wq93-576j-8q58
DESCRIPTION: Exploit Observer has 9 entries in 2 file formats related to GHSA-wq93-576j-8q58. A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access sensitive user data.
GHSA-wq93-576j-8q58
DESCRIPTION: Exploit Observer has 9 entries in 2 file formats related to GHSA-wq93-576j-8q58. A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access sensitive user data.
#ExploitObserverAlert
GHSA-c6qc-pm8w-2wmg
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-c6qc-pm8w-2wmg. In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file.
GHSA-c6qc-pm8w-2wmg
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-c6qc-pm8w-2wmg. In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file.
#ExploitObserverAlert
GHSA-jxfv-m3f6-ch5r
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to GHSA-jxfv-m3f6-ch5r. Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
GHSA-jxfv-m3f6-ch5r
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to GHSA-jxfv-m3f6-ch5r. Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
#ExploitObserverAlert
GHSA-9v9h-cgj8-h64p
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to GHSA-9v9h-cgj8-h64p. Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack
GHSA-9v9h-cgj8-h64p
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to GHSA-9v9h-cgj8-h64p. Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack
#ExploitObserverAlert
GHSA-mc7w-jq93-55qg
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-mc7w-jq93-55qg. Microsoft Edge (Chromium-based) Spoofing Vulnerability
GHSA-mc7w-jq93-55qg
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-mc7w-jq93-55qg. Microsoft Edge (Chromium-based) Spoofing Vulnerability
#ExploitObserverAlert
GHSA-mhgp-p5ch-58q3
DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to GHSA-mhgp-p5ch-58q3. On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
GHSA-mhgp-p5ch-58q3
DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to GHSA-mhgp-p5ch-58q3. On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.