#ExploitObserverAlert
GHSA-q7vr-846r-64q8
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-q7vr-846r-64q8. A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grndisplay.php, in the grnno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.
#ExploitObserverAlert
GHSA-3prp-hmjp-8qm4
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-3prp-hmjp-8qm4. Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
#ExploitObserverAlert
GHSA-jwv8-g456-8jg2
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to GHSA-jwv8-g456-8jg2. A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to bypass Privacy preferences.
#ExploitObserverAlert
GHSA-j48h-6x68-4fc5
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to GHSA-j48h-6x68-4fc5. Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support System Ver.4.0.31 and earlier improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
#ExploitObserverAlert
WLB-2024010082
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024010082. Developed By Next Come To Us - Blind Sql Injection.
#ExploitObserverAlert
WLB-2024010083
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024010083. Savant 3.0 - Denied of Service (DoS).
#ExploitObserverAlert
GHSA-hhq2-9p38-jwh9
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-hhq2-9p38-jwh9. Improper checking of AP-S lock bit while verifying the secure resource group permissions can lead to non secure read and write access in Snapdragon Connectivity, Snapdragon Mobile
#ExploitObserverAlert
GHSA-wq93-576j-8q58
DESCRIPTION: Exploit Observer has 9 entries in 2 file formats related to GHSA-wq93-576j-8q58. A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access sensitive user data.
#ExploitObserverAlert
GHSA-c6qc-pm8w-2wmg
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-c6qc-pm8w-2wmg. In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file.
#ExploitObserverAlert
GHSA-jxfv-m3f6-ch5r
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to GHSA-jxfv-m3f6-ch5r. Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
#ExploitObserverAlert
GHSA-9v9h-cgj8-h64p
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to GHSA-9v9h-cgj8-h64p. Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack
#ExploitObserverAlert
GHSA-mc7w-jq93-55qg
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-mc7w-jq93-55qg. Microsoft Edge (Chromium-based) Spoofing Vulnerability
#ExploitObserverAlert
GHSA-mhgp-p5ch-58q3
DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to GHSA-mhgp-p5ch-58q3. On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
#ExploitObserverAlert
GHSA-mwxw-hxvp-4r2r
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-mwxw-hxvp-4r2r. Firefly III versions prior to 6.0.0 are vulnerable to improper input validation.
#ExploitObserverAlert
GHSA-m2r6-996j-pvf6
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to GHSA-m2r6-996j-pvf6. Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
#ExploitObserverAlert
GHSA-wpxh-c8x5-mmg6
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-wpxh-c8x5-mmg6. An issue found in Wondershare Technology Co.,Ltd PDF Reader v.1.0.1 allows a remote attacker to execute arbitrary commands via the pdfreader_setup_full13143.exe file.
#ExploitObserverAlert
GHSA-xgfc-fhgr-xpj4
DESCRIPTION: Exploit Observer has 2 entries in 1 file format related to GHSA-xgfc-fhgr-xpj4. WhatACart v2.0.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /site/default/search.
#ExploitObserverAlert
GHSA-965g-r5x6-g5q2
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-965g-r5x6-g5q2. An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required; however, it can be bypassed.
#ExploitObserverAlert
GHSA-c2h4-p5j3-jcgh
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-c2h4-p5j3-jcgh. A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution.
#ExploitObserverAlert
GHSA-m6vm-37g8-gqvh
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to GHSA-m6vm-37g8-gqvh. Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
#ExploitObserverAlert
GHSA-pv96-p9pp-9m2m
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to GHSA-pv96-p9pp-9m2m. The WP Customer Area plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.