#ExploitObserverAlert
EDB-51790
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51790. Rail Pass Management System 1.0 - Time-Based SQL Injection
#ExploitObserverAlert
ZDI-24-120
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to ZDI-24-120. X.Org Server XISendDeviceHierarchyEvent Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-21885.
#ExploitObserverAlert
CVE-2024-24830
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-24830. OpenObserve is an observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/{org_id}/users" endpoint. This vulnerability allows any authenticated regular user ('member') to add new users with elevated privileges, including the 'root' role, to an organization. This issue circumvents the intended security controls for role assignments. The vulnerability resides in the user creation process, where the payload does not validate the user roles. A regular user can manipulate the payload to assign root-level privileges. This vulnerability leads to Unauthorized Privilege Escalation and significantly compromises the application's role-based access control system. It allows unauthorized control over application resources and poses a risk to data security. All users, particularly those in administrative roles, are impacted. This issue has been addressed in release version 0.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-24831
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-24831. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS. This issue affects Premium Addons for Elementor: from n/a through 4.10.16.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
JVNDB-2024-001161
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to JVNDB-2024-001161. Multiple vulnerabilities in SHARP Energy Management Controller with Cloud Services.
#ExploitObserverAlert
JVNDB-2024-001804
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to JVNDB-2024-001804. Multiple buffer overflow vulnerabilities in HOME SPOT CUBE2.
#ExploitObserverAlert
CVE-2024-24801
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-24801. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt OWL Carousel – WordPress Owl Carousel Slider allows Stored XSS. This issue affects OWL Carousel – WordPress Owl Carousel Slider: from n/a through 1.4.0.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
WLB-2024020042
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020042. IBM i Access Client Solutions Remote Credential Theft.
#ExploitObserverAlert
WLB-2024020045
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020045. IBM i Access Client Solutions / Remote Credential Theft.
#ExploitObserverAlert
JVNDB-2024-000015
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to JVNDB-2024-000015. Payment EX vulnerable to information disclosure.
#ExploitObserverAlert
JVNDB-2024-000017
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to JVNDB-2024-000017. Cybozu KUNAI for Android vulnerable to denial-of-service (DoS).
#ExploitObserverAlert
CVE-2024-23514
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23514. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ClickToTweet.Com Click To Tweet allows Stored XSS. This issue affects Click To Tweet: from n/a through 2.0.14.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
JVNDB-2024-000016
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to JVNDB-2024-000016. Group Office vulnerable to cross-site scripting.
#ExploitObserverAlert
JVNDB-2024-001785
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to JVNDB-2024-001785. Incorrect permission assignment vulnerability in Trend Micro uiAirSupport.
#ExploitObserverAlert
CVE-2024-23516
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23516. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Calculators World CC BMI Calculator allows Stored XSS. This issue affects CC BMI Calculator: from n/a through 2.0.1.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
JVNDB-2020-013805
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to JVNDB-2020-013805. Zeroshell vulnerable to OS command injection.
#ExploitObserverAlert
CVE-2024-24804
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-24804. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in websoudan MW WP Form allows Stored XSS. This issue affects MW WP Form: from n/a through 5.0.6.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
JVNDB-2024-002050
DESCRIPTION: Exploit Observer has 12 entries in 2 file formats related to JVNDB-2024-002050. Multiple out-of-bounds write vulnerabilities in Canon Office/Small Office Multifunction Printers and Laser Printers.
#ExploitObserverAlert
JVNDB-2024-001160
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to JVNDB-2024-001160. File and Directory Permissions Vulnerability in Hitachi Storage Plug-in for VMware vCenter.
#ExploitObserverAlert
WLB-2024020041
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020041. Advanced Page Visit Counter 1.0 Cross Site Scripting.
#ExploitObserverAlert
WLB-2024020040
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020040. SCHLIX v2.2.8-1 Regular Expression Denial of Service.