ARPSyndicate - Cyber & Open Source Intelligence
A Global Cyber Intelligence Company with hyperspecialization in Information Discovery, Shadow IT & Vulnerability Intelligence.

A.R.P. Syndicate [https://arpsyndicate.io/pricing.html]
#ExploitObserverAlert

WLB-2024020042

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020042. IBM i Access Client Solutions Remote Credential Theft.
#ExploitObserverAlert

JVNDB-2024-000015

DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to JVNDB-2024-000015. Payment EX vulnerable to information disclosure.
#ExploitObserverAlert

WLB-2024020044

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020044. Maythux CMS BackDoor & SQL Vulnerability.
#ExploitObserverAlert

WLB-2024020041

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020041. Advanced Page Visit Counter 1.0 Cross Site Scripting.
#ExploitObserverAlert

JVNDB-2024-000017

DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to JVNDB-2024-000017. Cybozu KUNAI for Android vulnerable to denial-of-service (DoS).
#ExploitObserverAlert

JVNDB-2024-001804

DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to JVNDB-2024-001804. Multiple buffer overflow vulnerabilities in HOME SPOT CUBE2.
#ExploitObserverAlert

CVE-2024-24801

DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-24801. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt OWL Carousel – WordPress Owl Carousel Slider allows Stored XSS. This issue affects OWL Carousel – WordPress Owl Carousel Slider: from n/a through 1.4.0.

FIRST-EPSS: 0.000430000
#ExploitObserverAlert

CVE-2024-24804

DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-24804. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in websoudan MW WP Form allows Stored XSS. This issue affects MW WP Form: from n/a through 5.0.6.

FIRST-EPSS: 0.000430000
#ExploitObserverAlert

WLB-2024020045

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020045. IBM i Access Client Solutions / Remote Credential Theft.
#ExploitObserverAlert

CVE-2024-23516

DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23516. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Calculators World CC BMI Calculator allows Stored XSS. This issue affects CC BMI Calculator: from n/a through 2.0.1.

FIRST-EPSS: 0.000430000
#ExploitObserverAlert

JVNDB-2024-001161

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to JVNDB-2024-001161. Multiple vulnerabilities in SHARP Energy Management Controller with Cloud Services.
#ExploitObserverAlert

JVNDB-2024-000016

DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to JVNDB-2024-000016. Group Office vulnerable to cross-site scripting.
#ExploitObserverAlert

JVNDB-2020-013805

DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to JVNDB-2020-013805. Zeroshell vulnerable to OS command injection.
#ExploitObserverAlert

CVE-2024-25718

DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-25718. In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry.

FIRST-EPSS: 0.000440000
#ExploitObserverAlert

TALOS-2016-0173

DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to TALOS-2016-0173. LexMark Perceptive Document Filters Bzip2 Convert Out of Bounds Write Vulnerability. An exploitable out of bounds write exists in the Bzip2 parsing of the Perceptive Document Filters conversion functionality. A crafted Bzip2 document can lead to a stack based buffer overflow causing an out of bounds write which under the right circumstance could potentially be leveraged by an attacker to gain arbitrary code execution.
#ExploitObserverAlert

CVE-2024-21875

DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-21875. Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial of service attack. Team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding. This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3.

FIRST-EPSS: 0.000430000
#ExploitObserverAlert

CVE-2024-23724

DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-23724. Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that "The vendor does not view this as a valid vector."

FIRST-EPSS: 0.000450000
#ExploitObserverAlert

WLB-2024020046

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020046. iCT Sky SQL Injection.
#ExploitObserverAlert

TALOS-2018-0614

DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to TALOS-2018-0614. Apple IntelHD5000 Graphics Delete Resource Privilege Escalation Vulnerability. A memory corruption vulnerability exists in the IntelHD5000 kernel extension when dealing with graphics resources inside of OSX 10.13.4. A library inserted into the VLC media application can cause an out-of-bounds access inside of the KEXT leading to a use after free and invalid memory access in the context of the kernel. This can be used for privilege escalation.
#ExploitObserverAlert

TALOS-2022-1508

DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to TALOS-2022-1508. Google Chrome WebGPU DoBufferDestroy kDirect allocation use-after-free vulnerability. A use-after-free vulnerability exists in the WebGPU functionality of Google Chrome 102.0.4956.0 (Build) (64-bit) and 99.0.4844.82 (Build) (64-bit). A specially-crafted web page can lead to a use-after-free. An attacker can provide a crafted URL to trigger this vulnerability.
#ExploitObserverAlert

TALOS-2019-0968

DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to TALOS-2019-0968. Microsoft Office Excel Ordinal43 code execution vulnerability. An exploitable use-after-free vulnerability exists in Excel in Microsoft Office Professional Plus 2016 x86, version 1909, build 12026.20334 and Microsoft Office 365 ProPlus x86, version 1902, build 11328.20480. A specially crafted XLS file can cause a use after free condition, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.