#ExploitObserverAlert
ZDI-24-107
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-107. Allegra extarctZippedFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-22504.
ZDI-24-107
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-107. Allegra extarctZippedFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-22504.
#ExploitObserverAlert
PSS-177064
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177064. Ubuntu Security Notice USN-6625-2. Ubuntu Security Notice 6625-2 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.
PSS-177064
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177064. Ubuntu Security Notice USN-6625-2. Ubuntu Security Notice 6625-2 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.
#ExploitObserverAlert
CVE-2024-24350
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-24350. File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker to execute arbitrary code via the extension filtering component.
FIRST-EPSS: 0.000430000
CVE-2024-24350
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-24350. File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker to execute arbitrary code via the extension filtering component.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
ZDI-24-108
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-108. Allegra saveInlineEdit Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2023-22528.
ZDI-24-108
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-108. Allegra saveInlineEdit Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2023-22528.
#ExploitObserverAlert
CVE-2024-24706
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-24706. Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp-cfm.This issue affects WP-CFM: from n/a through 1.7.8.
FIRST-EPSS: 0.000430000
CVE-2024-24706
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-24706. Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp-cfm.This issue affects WP-CFM: from n/a through 1.7.8.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
EDB-51789
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51789. Wordpress Seotheme - Remote Code Execution Unauthenticated
EDB-51789
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51789. Wordpress Seotheme - Remote Code Execution Unauthenticated
#ExploitObserverAlert
PSS-177051
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177051. Red Hat Security Advisory 2024-0748-03. Red Hat Security Advisory 2024-0748-03 - An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
PSS-177051
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177051. Red Hat Security Advisory 2024-0748-03. Red Hat Security Advisory 2024-0748-03 - An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
#ExploitObserverAlert
WLB-2024020034
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020034. Newgen Technologies SQL Injection Vulnerability.
WLB-2024020034
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020034. Newgen Technologies SQL Injection Vulnerability.
#ExploitObserverAlert
PSS-177050
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177050. Red Hat Security Advisory 2024-0746-03. Red Hat Security Advisory 2024-0746-03 - Updated container image for Red Hat Ceph Storage 5.3 is now available in the Red Hat Ecosystem Catalog. Issues addressed include cross site scripting and denial of service vulnerabilities.
PSS-177050
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177050. Red Hat Security Advisory 2024-0746-03. Red Hat Security Advisory 2024-0746-03 - Updated container image for Red Hat Ceph Storage 5.3 is now available in the Red Hat Ecosystem Catalog. Issues addressed include cross site scripting and denial of service vulnerabilities.
#ExploitObserverAlert
ZDI-24-104
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to ZDI-24-104. Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-22548.
ZDI-24-104
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to ZDI-24-104. Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-22548.
#ExploitObserverAlert
PSS-177069
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to PSS-177069. IBM i Access Client Solutions Remote Credential Theft. IBM i Access Client Solutions (ACS) versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 suffer from a remote credential theft vulnerability.
PSS-177069
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to PSS-177069. IBM i Access Client Solutions Remote Credential Theft. IBM i Access Client Solutions (ACS) versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 suffer from a remote credential theft vulnerability.
#ExploitObserverAlert
PSS-177052
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177052. Advanced Page Visit Counter 1.0 Cross Site Scripting. Advanced Page Visit Counter version 1.0 suffers from a persistent cross site scripting vulnerability.
PSS-177052
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177052. Advanced Page Visit Counter 1.0 Cross Site Scripting. Advanced Page Visit Counter version 1.0 suffers from a persistent cross site scripting vulnerability.
#ExploitObserverAlert
WLB-2024020037
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020037. Cacti pollers.php SQL Injection / Remote Code Execution.
WLB-2024020037
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020037. Cacti pollers.php SQL Injection / Remote Code Execution.
#ExploitObserverAlert
PSS-177070
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177070. Faraday 5.1.0. Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
PSS-177070
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177070. Faraday 5.1.0. Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
#ExploitObserverAlert
PSS-177053
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177053. Red Hat Security Advisory 2024-0749-03. Red Hat Security Advisory 2024-0749-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include an integer overflow vulnerability.
PSS-177053
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177053. Red Hat Security Advisory 2024-0749-03. Red Hat Security Advisory 2024-0749-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include an integer overflow vulnerability.
#ExploitObserverAlert
WLB-2024020038
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020038. chenarkhayyam SQL Injection.
WLB-2024020038
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020038. chenarkhayyam SQL Injection.
#ExploitObserverAlert
CVE-2024-24213
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2024-24213. Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query.
FIRST-EPSS: 0.000450000
CVE-2024-24213
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2024-24213. Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2024-23749
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23749. KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution.
FIRST-EPSS: 0.000430000
CVE-2024-23749
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23749. KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
ZDI-24-116
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-116. Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-23116.
ZDI-24-116
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-116. Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-23116.
#ExploitObserverAlert
ZDI-24-098
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to ZDI-24-098. Schneider Electric Easergy Studio InitializeChannel Deserialization of Untrusted Data Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric Easergy Studio. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-7032.
ZDI-24-098
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to ZDI-24-098. Schneider Electric Easergy Studio InitializeChannel Deserialization of Untrusted Data Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric Easergy Studio. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-7032.
#ExploitObserverAlert
ZDI-24-105
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-105. Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-22506.
ZDI-24-105
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-105. Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-22506.