#ExploitObserverAlert
PSS-177070
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-177070. Faraday 5.1.0. Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for the distribution, indexation and analysis of the data generated during a security audit. The main purpose of Faraday is to re-use the tools already available in the community and take advantage of them in a multiuser way.
#ExploitObserverAlert
PSS-177053
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-177053. Red Hat Security Advisory 2024-0749-03. Red Hat Security Advisory 2024-0749-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include an integer overflow vulnerability.
#ExploitObserverAlert
WLB-2024020038
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020038. chenarkhayyam SQL Injection.
#ExploitObserverAlert
CVE-2024-24213
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2024-24213. Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2024-23749
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23749. KiTTY versions 0.76.1.13 and before are vulnerable to command injection via the filename variable. The flaw occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
ZDI-24-116
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to ZDI-24-116. Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-23116.
#ExploitObserverAlert
ZDI-24-098
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to ZDI-24-098. Schneider Electric Easergy Studio InitializeChannel Deserialization of Untrusted Data Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric Easergy Studio. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-7032.
#ExploitObserverAlert
ZDI-24-105
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to ZDI-24-105. Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-22506.
#ExploitObserverAlert
ZDI-24-112
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to ZDI-24-112. Allegra downloadAttachmentGlobal Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-22507.
#ExploitObserverAlert
CVE-2024-22795
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-22795. Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
PSS-177057
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-177057. Red Hat Security Advisory 2024-0753-03. Red Hat Security Advisory 2024-0753-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 7.
#ExploitObserverAlert
WLB-2024020039
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020039. SKC Infotech Admin Bypass & SQL Injection Vulnerability.
#ExploitObserverAlert
CVE-2024-23452
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-23452. A request smuggling vulnerability in the HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows an attacker to smuggle requests. Vulnerability Cause Description: The http_parser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is received with both a Transfer-Encoding and a Content-Length header field, such a message might indicate an attempt to perform request smuggling or response splitting. One particular attack scenario is a bRPC-based HTTP server on the backend receiving requests over one persistent connection from a frontend server that uses TE to parse the request, with the logic that 'chunk' is contained in the TE field. In that case an attacker can smuggle a request into the connection to the backend server. Solution: You can choose one solution from below: 1. Upgrade bRPC to version 1.8.0, which fixes this issue. Download link: https://github.com/apache/brpc/releases/tag/1.8.0 2. Apply this patch: https://github.com/apache/brpc/pull/2518
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2024-25450
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-25450. imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-24828
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-24828. pkg is a tool designed to bundle Node.js projects into executables. Any native code packages built by `pkg` are written to a hardcoded directory. On unix systems, this is `/tmp/pkg/*`, which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory; they are predictable. An attacker who has access to the same local system has the ability to replace the genuine executables in the shared directory with malicious executables of the same name. A user may then run the malicious executable without realising it has been modified. This package is deprecated. Therefore, there will not be a patch provided for this vulnerability. To check if your executable built by pkg depends on native code and is vulnerable, run the executable and check if `/tmp/pkg/` was created. Users should transition to actively maintained alternatives. We would recommend investigating Node.js 21's support for single executable applications. Given the decision to deprecate the pkg package, there are no official workarounds or remediations provided by our team. Users should prioritize migrating to other packages that offer similar functionality with enhanced security.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-25004
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-25004. KiTTY versions 0.76.1.13 and before are vulnerable to a stack-based buffer overflow via the username. The flaw occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
ZDI-24-097
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to ZDI-24-097. Wazuh Log Collector Integer Underflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wazuh. Log Injection is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.4. The following CVEs are assigned: CVE-2023-42463.
#ExploitObserverAlert
CVE-2024-24806
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-24806. libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its Windows counterpart `src/win/getaddrinfo.c`) truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result, attackers may be able to access internal APIs, or, for websites (similar to MySpace) that allow users to have `username.example.com` pages, internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.000620000
#ExploitObserverAlert
PSS-177061
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-177061. Red Hat Security Advisory 2024-0756-03. Red Hat Security Advisory 2024-0756-03 - An update for runc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
#ExploitObserverAlert
CVE-2023-6935
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-6935. The wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, a new variation of a timing Bleichenbacher-style attack, when built with the following options to configure: `--enable-all CFLAGS="-DWOLFSSL_STATIC_RSA"`. The define "WOLFSSL_STATIC_RSA" enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6. Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and is expected to be padding-independent. The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However, the server's private key is not exposed.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-25107
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-25107. WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the `Language::date` function is used when making the human-readable timestamp for inclusion on the wiki_creation column. This function uses interface messages to translate the names of months and days. It uses the `->text()` output mode, returning unescaped interface messages. Since the output is not escaped later, the unescaped interface message is included on the output, resulting in an XSS vulnerability. Exploiting this on-wiki requires the `(editinterface)` right. This vulnerability has been addressed in commit `267e763a0`. Users are advised to update their installations. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.000450000