#ExploitObserverAlert
PSS-177054
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-177054. Red Hat Security Advisory 2024-0750-03. Red Hat Security Advisory 2024-0750-03 - An update for libmaxminddb is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
#ExploitObserverAlert
ZDI-24-103
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to ZDI-24-103. Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-22510.
#ExploitObserverAlert
CVE-2024-25679
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-25679. In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2024-25003
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-25003. KiTTY versions 0.76.1.13 and before are vulnerable to a stack-based buffer overflow via the hostname, which occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
PSS-177062
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-177062. Red Hat Security Advisory 2024-0757-03. Red Hat Security Advisory 2024-0757-03 - An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
#ExploitObserverAlert
PSS-177055
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-177055. Red Hat Security Advisory 2024-0751-03. Red Hat Security Advisory 2024-0751-03 - An update for libmaxminddb is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
#ExploitObserverAlert
ZDI-24-106
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to ZDI-24-106. Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-22505.
#ExploitObserverAlert
CVE-2024-24321
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2024-24321. An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
ZDI-24-115
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to ZDI-24-115. Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-23117.
#ExploitObserverAlert
ZDI-24-113
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to ZDI-24-113. Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-23119.
#ExploitObserverAlert
PSS-177049
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-177049. Red Hat Security Advisory 2024-0745-03. Red Hat Security Advisory 2024-0745-03 - An update is now available for Red Hat Ceph Storage 5.3 in the Red Hat Ecosystem Catalog.
#ExploitObserverAlert
PD/http/cves/2024/CVE-2024-22024
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to PD/http/cves/2024/CVE-2024-22024. Ivanti Connect Secure is vulnerable to XXE (XML External Entity) injection.
#ExploitObserverAlert
EDB-51785
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51785. Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting (XSS) (Authenticated)
#ExploitObserverAlert
EDB-51790
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51790. Rail Pass Management System 1.0 - Time-Based SQL Injection
#ExploitObserverAlert
ZDI-24-120
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to ZDI-24-120. X.Org Server XISendDeviceHierarchyEvent Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-21885.
#ExploitObserverAlert
CVE-2024-24830
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-24830. OpenObserve is an observability platform built specifically for logs, metrics, traces, and analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/{org_id}/users" endpoint. This vulnerability allows any authenticated regular user ('member') to add new users with elevated privileges, including the 'root' role, to an organization. This issue circumvents the intended security controls for role assignments. The vulnerability resides in the user creation process, where the payload does not validate the user roles. A regular user can manipulate the payload to assign root-level privileges. This vulnerability leads to Unauthorized Privilege Escalation and significantly compromises the application's role-based access control system. It allows unauthorized control over application resources and poses a risk to data security. All users, particularly those in administrative roles, are impacted. This issue has been addressed in release version 0.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-24831
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-24831. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS. This issue affects Premium Addons for Elementor: from n/a through 4.10.16.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
JVNDB-2024-001161
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to JVNDB-2024-001161. Multiple vulnerabilities in SHARP Energy Management Controller with Cloud Services.
#ExploitObserverAlert
JVNDB-2024-001804
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to JVNDB-2024-001804. Multiple buffer overflow vulnerabilities in HOME SPOT CUBE2.
#ExploitObserverAlert
CVE-2024-24801
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-24801. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt OWL Carousel – WordPress Owl Carousel Slider allows Stored XSS. This issue affects OWL Carousel – WordPress Owl Carousel Slider: from n/a through 1.4.0.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
WLB-2024020042
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020042. IBM i Access Client Solutions Remote Credential Theft.