#ExploitObserverAlert
PSS-177063
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177063. Red Hat Security Advisory 2024-0758-03. Red Hat Security Advisory 2024-0758-03 - An update for the container-tools:2.0 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
#ExploitObserverAlert
CVE-2024-25448
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-25448. An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-47020
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-47020. Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that lacks security controls and can accept custom content types.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
EDB-51788
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51788. Wordpress Augmented-Reality - Remote Code Execution Unauthenticated
#ExploitObserverAlert
ZDI-24-107
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-107. Allegra extarctZippedFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-22504.
#ExploitObserverAlert
PSS-177064
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177064. Ubuntu Security Notice USN-6625-2. Ubuntu Security Notice 6625-2 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.
#ExploitObserverAlert
CVE-2024-24350
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-24350. File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker to execute arbitrary code via the extension filtering component.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
ZDI-24-108
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-108. Allegra saveInlineEdit Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2023-22528.
#ExploitObserverAlert
CVE-2024-24706
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-24706. Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp-cfm. This issue affects WP-CFM: from n/a through 1.7.8.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
EDB-51789
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51789. Wordpress Seotheme - Remote Code Execution Unauthenticated
#ExploitObserverAlert
PSS-177051
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177051. Red Hat Security Advisory 2024-0748-03. Red Hat Security Advisory 2024-0748-03 - An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
#ExploitObserverAlert
WLB-2024020034
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020034. Newgen Technologies SQL Injection Vulnerability.
#ExploitObserverAlert
PSS-177050
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177050. Red Hat Security Advisory 2024-0746-03. Red Hat Security Advisory 2024-0746-03 - Updated container image for Red Hat Ceph Storage 5.3 is now available in the Red Hat Ecosystem Catalog. Issues addressed include cross site scripting and denial of service vulnerabilities.
#ExploitObserverAlert
ZDI-24-104
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to ZDI-24-104. Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-22548.
#ExploitObserverAlert
PSS-177069
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to PSS-177069. IBM i Access Client Solutions Remote Credential Theft. IBM i Access Client Solutions (ACS) versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 suffer from a remote credential theft vulnerability.
#ExploitObserverAlert
PSS-177052
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177052. Advanced Page Visit Counter 1.0 Cross Site Scripting. Advanced Page Visit Counter version 1.0 suffers from a persistent cross site scripting vulnerability.
#ExploitObserverAlert
WLB-2024020037
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020037. Cacti pollers.php SQL Injection / Remote Code Execution.
#ExploitObserverAlert
PSS-177070
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177070. Faraday 5.1.0. Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
#ExploitObserverAlert
PSS-177053
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177053. Red Hat Security Advisory 2024-0749-03. Red Hat Security Advisory 2024-0749-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include an integer overflow vulnerability.
#ExploitObserverAlert
WLB-2024020038
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020038. chenarkhayyam SQL Injection.
#ExploitObserverAlert
CVE-2024-24213
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2024-24213. Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query.
FIRST-EPSS: 0.000450000