#ExploitObserverAlert
GHSA-965g-r5x6-g5q2
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-965g-r5x6-g5q2. An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required but can be bypassed.
#ExploitObserverAlert
GHSA-c2h4-p5j3-jcgh
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-c2h4-p5j3-jcgh. A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution.
#ExploitObserverAlert
GHSA-m6vm-37g8-gqvh
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to GHSA-m6vm-37g8-gqvh. Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
#ExploitObserverAlert
GHSA-pv96-p9pp-9m2m
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to GHSA-pv96-p9pp-9m2m. The WP Customer Area plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
#ExploitObserverAlert
GHSA-hr8f-72r6-vq27
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-hr8f-72r6-vq27. Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute an arbitrary script on the logged-in user's web browser.
#ExploitObserverAlert
GHSA-hrvq-3565-fq43
DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to GHSA-hrvq-3565-fq43. The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.
#ExploitObserverAlert
GHSA-xx65-34vr-mqrj
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-xx65-34vr-mqrj. Improper authorization in handler for custom URL scheme issue in "Mercari" App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.
#ExploitObserverAlert
GHSA-9vh6-qfv6-vcqp
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-9vh6-qfv6-vcqp. Snipe-IT is a free, open-source IT asset/license management system. In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted Host header in the password reset request, it is possible to send users password reset links which, once clicked, lead to an attacker-controlled server, leaking the password reset token. This can lead to account takeover.
#ExploitObserverAlert
GHSA-988v-v47j-cj4p
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-988v-v47j-cj4p. A vulnerability was found in TRENDnet TEW-822DRE 1.03B02. It has been declared as critical. This vulnerability affects unknown code of the file /admin_ping.htm of the component POST Request Handler. The manipulation of the argument ipv4_ping/ipv6_ping leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
WLB-2024010085
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024010085. Vinchin Backup And Recovery 7.2 Default MySQL Credentials.
#ExploitObserverAlert
WLB-2024010086
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024010086. CloudLinux CageFS 7.1.1-1 Token Disclosure.
#ExploitObserverAlert
GHSA-mr56-56j8-x6r4
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-mr56-56j8-x6r4. An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project.
#ExploitObserverAlert
GHSA-j4wq-qx9v-xvqj
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-j4wq-qx9v-xvqj. Microsoft Edge (Chromium-based) Spoofing Vulnerability
#ExploitObserverAlert
GHSA-9jv5-wf44-8vfm
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to GHSA-9jv5-wf44-8vfm. Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters.
#ExploitObserverAlert
GHSA-pxvc-5jrx-h52p
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-pxvc-5jrx-h52p. A vulnerability has been found in Beijing Baichuo Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
GHSA-m7gj-wmp7-fwfx
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-m7gj-wmp7-fwfx. A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to OS command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
GHSA-jhhh-mxj4-r289
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-jhhh-mxj4-r289. Integer overflow vulnerability in FFmpeg before n6.1 allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.
#ExploitObserverAlert
GHSA-vhw4-mjfv-p3gg
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-vhw4-mjfv-p3gg. Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary code by uploading a specially crafted SVG file.
#ExploitObserverAlert
WLB-2024010081
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024010081. Yahweh Touch - Blind SQL Injection.
#ExploitObserverAlert
GHSA-m295-r33q-79rg
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-m295-r33q-79rg. An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An attacker can exploit this vulnerability to access protected URLs and retrieve sensitive information.
#ExploitObserverAlert
WLB-2024010087
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024010087. PHPJ-Callback-Widget-1.0-XSS-Reflected-admin-Hijacking.