#ExploitObserverAlert
ZDI-24-113
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to ZDI-24-113. Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-23119.
#ExploitObserverAlert
PSS-177049
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-177049. Red Hat Security Advisory 2024-0745-03. Red Hat Security Advisory 2024-0745-03 - An update is now available for Red Hat Ceph Storage 5.3 in the Red Hat Ecosystem Catalog.
#ExploitObserverAlert
PD/http/cves/2024/CVE-2024-22024
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to PD/http/cves/2024/CVE-2024-22024. Ivanti Connect Secure is vulnerable to XXE (XML External Entity) injection.
#ExploitObserverAlert
EDB-51785
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51785. Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting (XSS) (Authenticated)
#ExploitObserverAlert
EDB-51790
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51790. Rail Pass Management System 1.0 - Time-Based SQL Injection
#ExploitObserverAlert
ZDI-24-120
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to ZDI-24-120. X.Org Server XISendDeviceHierarchyEvent Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-21885.
#ExploitObserverAlert
CVE-2024-24830
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-24830. OpenObserve is an observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/{org_id}/users" endpoint. This vulnerability allows any authenticated regular user ('member') to add new users with elevated privileges, including the 'root' role, to an organization. This issue circumvents the intended security controls for role assignments. The vulnerability resides in the user creation process, where the payload does not validate the user roles. A regular user can manipulate the payload to assign root-level privileges. This vulnerability leads to Unauthorized Privilege Escalation and significantly compromises the application's role-based access control system. It allows unauthorized control over application resources and poses a risk to data security. All users, particularly those in administrative roles, are impacted. This issue has been addressed in release version 0.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-24831
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-24831. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS. This issue affects Premium Addons for Elementor: from n/a through 4.10.16.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
JVNDB-2024-001161
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to JVNDB-2024-001161. Multiple vulnerabilities in SHARP Energy Management Controller with Cloud Services.
#ExploitObserverAlert
JVNDB-2024-001804
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to JVNDB-2024-001804. Multiple buffer overflow vulnerabilities in HOME SPOT CUBE2.
#ExploitObserverAlert
CVE-2024-24801
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-24801. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt OWL Carousel – WordPress Owl Carousel Slider allows Stored XSS. This issue affects OWL Carousel – WordPress Owl Carousel Slider: from n/a through 1.4.0.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
WLB-2024020042
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020042. IBM i Access Client Solutions Remote Credential Theft.
#ExploitObserverAlert
WLB-2024020045
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020045. IBM i Access Client Solutions / Remote Credential Theft.
#ExploitObserverAlert
JVNDB-2024-000015
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to JVNDB-2024-000015. Payment EX vulnerable to information disclosure.
#ExploitObserverAlert
JVNDB-2024-000017
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to JVNDB-2024-000017. Cybozu KUNAI for Android vulnerable to denial-of-service (DoS).
#ExploitObserverAlert
CVE-2024-23514
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23514. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ClickToTweet.Com Click To Tweet allows Stored XSS. This issue affects Click To Tweet: from n/a through 2.0.14.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
JVNDB-2024-000016
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to JVNDB-2024-000016. Group Office vulnerable to cross-site scripting.
#ExploitObserverAlert
JVNDB-2024-001785
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to JVNDB-2024-001785. Incorrect permission assignment vulnerability in Trend Micro uiAirSupport.
#ExploitObserverAlert
CVE-2024-23516
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23516. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Calculators World CC BMI Calculator allows Stored XSS. This issue affects CC BMI Calculator: from n/a through 2.0.1.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
JVNDB-2020-013805
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to JVNDB-2020-013805. Zeroshell vulnerable to OS command injection.
#ExploitObserverAlert
CVE-2024-24804
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-24804. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in websoudan MW WP Form allows Stored XSS. This issue affects MW WP Form: from n/a through 5.0.6.
FIRST-EPSS: 0.000430000