#ExploitObserverAlert
CVE-2024-26308
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26308. Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.
CVE-2024-26308
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26308. Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.
#ExploitObserverAlert
PSS-177174
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177174. Gentoo Linux Security Advisory 202402-17. Gentoo Linux Security Advisory 202402-17 - Multiple vulnerabilities have been discovered in CUPS, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 2.4.7 are affected.
PSS-177174
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177174. Gentoo Linux Security Advisory 202402-17. Gentoo Linux Security Advisory 202402-17 - Multiple vulnerabilities have been discovered in CUPS, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 2.4.7 are affected.
#ExploitObserverAlert
PSS-177188
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177188. Gentoo Linux Security Advisory 202402-26. Gentoo Linux Security Advisory 202402-26 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions greater than or equal to 115.7.0:esr are affected.
PSS-177188
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177188. Gentoo Linux Security Advisory 202402-26. Gentoo Linux Security Advisory 202402-26 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions greater than or equal to 115.7.0:esr are affected.
#ExploitObserverAlert
PSS-177186
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177186. Microsoft Windows Defender / Trojan.Win32/Powessere.G VBScript Detection Bypass. This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass. This issue was addressed. The fix was short lived as the researcher found yet another third trivial bypass. Previously, the researcher disclosed 3 bypasses using rundll32 javascript, but this example leverages the VBSCRIPT and ActiveX engines.
PSS-177186
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177186. Microsoft Windows Defender / Trojan.Win32/Powessere.G VBScript Detection Bypass. This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass. This issue was addressed. The fix was short lived as the researcher found yet another third trivial bypass. Previously, the researcher disclosed 3 bypasses using rundll32 javascript, but this example leverages the VBSCRIPT and ActiveX engines.
#ExploitObserverAlert
CVE-2024-26318
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26318. Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character.
FIRST-EPSS: 0.000430000
CVE-2024-26318
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26318. Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
PSS-177176
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177176. Gentoo Linux Security Advisory 202402-19. Gentoo Linux Security Advisory 202402-19 - A vulnerability has been discovered in libcaca which can lead to arbitrary code execution. Versions greater than or equal to 0.99_beta19-r4 are affected.
PSS-177176
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177176. Gentoo Linux Security Advisory 202402-19. Gentoo Linux Security Advisory 202402-19 - A vulnerability has been discovered in libcaca which can lead to arbitrary code execution. Versions greater than or equal to 0.99_beta19-r4 are affected.
#ExploitObserverAlert
PSS-177169
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177169. WonderCMS 4.3.2 Cross Site Scripting / Remote Code Execution. WonderCMS version 4.3.2 remote exploit that leverages cross site scripting to achieve remote code execution.
PSS-177169
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177169. WonderCMS 4.3.2 Cross Site Scripting / Remote Code Execution. WonderCMS version 4.3.2 remote exploit that leverages cross site scripting to achieve remote code execution.
#ExploitObserverAlert
PSS-177180
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177180. Gentoo Linux Security Advisory 202402-22. Gentoo Linux Security Advisory 202402-22 - Multiple vulnerabilities have been discovered in intel-microcode, the worst of which can lead to privilege escalation. Versions greater than or equal to 20230214_p20230212 are affected.
PSS-177180
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177180. Gentoo Linux Security Advisory 202402-22. Gentoo Linux Security Advisory 202402-22 - Multiple vulnerabilities have been discovered in intel-microcode, the worst of which can lead to privilege escalation. Versions greater than or equal to 20230214_p20230212 are affected.
#ExploitObserverAlert
PSS-177192
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177192. Gentoo Linux Security Advisory 202402-28. Gentoo Linux Security Advisory 202402-28 - Multiple vulnerabilities have been discovered in Samba, the worst of which can lead to remote code execution. Versions greater than or equal to 4.18.9 are affected.
PSS-177192
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177192. Gentoo Linux Security Advisory 202402-28. Gentoo Linux Security Advisory 202402-28 - Multiple vulnerabilities have been discovered in Samba, the worst of which can lead to remote code execution. Versions greater than or equal to 4.18.9 are affected.
#ExploitObserverAlert
PSS-177184
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177184. Gentoo Linux Security Advisory 202402-21. Gentoo Linux Security Advisory 202402-21 - Multiple vulnerabilities have been discovered in QtNetwork, the worst of which could lead to execution of arbitrary code. Versions greater than or equal to 6.6.1-r2 are affected.
PSS-177184
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177184. Gentoo Linux Security Advisory 202402-21. Gentoo Linux Security Advisory 202402-21 - Multiple vulnerabilities have been discovered in QtNetwork, the worst of which could lead to execution of arbitrary code. Versions greater than or equal to 6.6.1-r2 are affected.
#ExploitObserverAlert
PSS-177191
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177191. Debian Security Advisory 5626-1. Debian Linux Security Advisory 5626-1 - It was discovered that malformed DNSSEC records within a DNS zone could result in denial of service against PDNS Recursor, a resolving name server.
PSS-177191
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177191. Debian Security Advisory 5626-1. Debian Linux Security Advisory 5626-1 - It was discovered that malformed DNSSEC records within a DNS zone could result in denial of service against PDNS Recursor, a resolving name server.
#ExploitObserverAlert
CVE-2024-24722
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-24722. An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d Synergy File Replication Server executable service path. This is fixed in 4.3.10.192, 5.1.5.221, and 5.1.6.235.
FIRST-EPSS: 0.000450000
CVE-2024-24722
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-24722. An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d Synergy File Replication Server executable service path. This is fixed in 4.3.10.192, 5.1.5.221, and 5.1.6.235.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2022-48624
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2022-48624. close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.
FIRST-EPSS: 0.000450000
CVE-2022-48624
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2022-48624. close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
PSS-177173
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177173. Employee Management System 1.0 SQL Injection. Employee Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of this finding is attributed to Ozlem Balci in January of 2024.
PSS-177173
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177173. Employee Management System 1.0 SQL Injection. Employee Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of this finding is attributed to Ozlem Balci in January of 2024.
#ExploitObserverAlert
PSS-177183
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177183. InstantCMS 2.16.1 Cross Site Scripting. InstantCMS version 2.16.1 suffers from a persistent cross site scripting vulnerability that appears to require administrative access.
PSS-177183
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177183. InstantCMS 2.16.1 Cross Site Scripting. InstantCMS version 2.16.1 suffers from a persistent cross site scripting vulnerability that appears to require administrative access.
#ExploitObserverAlert
PSS-177187
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177187. Microsoft Windows Defender / Backdoor_JS.Relvelshe.A Detection / Mitigation Bypass. Back in 2022, the researcher released a proof of concept to bypass the Backdoor:JS/Relvelshe.A detection in Windows Defender but it no longer works as it was mitigated. However, adding a simple javascript try catch error statement and eval'ing the hex string, it executes as of the time of this post.
PSS-177187
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177187. Microsoft Windows Defender / Backdoor_JS.Relvelshe.A Detection / Mitigation Bypass. Back in 2022, the researcher released a proof of concept to bypass the Backdoor:JS/Relvelshe.A detection in Windows Defender but it no longer works as it was mitigated. However, adding a simple javascript try catch error statement and eval'ing the hex string, it executes as of the time of this post.
#ExploitObserverAlert
PSS-177179
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177179. SureMDM On-Premise CAPTCHA Bypass / User Enumeration. SureMDM On-Premise versions prior to 6.31 suffer from CAPTCHA bypass and user enumeration vulnerabilities.
PSS-177179
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177179. SureMDM On-Premise CAPTCHA Bypass / User Enumeration. SureMDM On-Premise versions prior to 6.31 suffer from CAPTCHA bypass and user enumeration vulnerabilities.
#ExploitObserverAlert
PSS-177190
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177190. Gentoo Linux Security Advisory 202402-27. Gentoo Linux Security Advisory 202402-27 - A vulnerability has been discovered in Glade which can lead to a denial of service. Versions greater than or equal to 3.38.2 are affected.
PSS-177190
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177190. Gentoo Linux Security Advisory 202402-27. Gentoo Linux Security Advisory 202402-27 - A vulnerability has been discovered in Glade which can lead to a denial of service. Versions greater than or equal to 3.38.2 are affected.
#ExploitObserverAlert
PSS-177175
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177175. Gentoo Linux Security Advisory 202402-18. Gentoo Linux Security Advisory 202402-18 - Multiple vulnerabilities have been discovered in Exim, the worst of which can lead to remote code execution. Versions greater than or equal to 4.97.1 are affected.
PSS-177175
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177175. Gentoo Linux Security Advisory 202402-18. Gentoo Linux Security Advisory 202402-18 - Multiple vulnerabilities have been discovered in Exim, the worst of which can lead to remote code execution. Versions greater than or equal to 4.97.1 are affected.
#ExploitObserverAlert
CVE-2023-6260
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-6260. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Brivo ACS100, ACS300 allows OS Command Injection, Bypassing Physical Security.This issue affects ACS100 (Network Adjacent Access), ACS300 (Physical Access): from 5.2.4 before 6.2.4.3.
CVE-2023-6260
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-6260. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Brivo ACS100, ACS300 allows OS Command Injection, Bypassing Physical Security.This issue affects ACS100 (Network Adjacent Access), ACS300 (Physical Access): from 5.2.4 before 6.2.4.3.
#ExploitObserverAlert
CVE-2024-25978
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25978. Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality.
CVE-2024-25978
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25978. Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality.