#ExploitObserverAlert
CVE-2023-6398
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-6398. A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP.
FIRST-EPSS: 0.000520000
NVD-IS: 5.9
NVD-ES: 1.2
CVE-2023-6398
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-6398. A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP.
FIRST-EPSS: 0.000520000
NVD-IS: 5.9
NVD-ES: 1.2
#ExploitObserverAlert
PSS-177202
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177202. Red Hat Security Advisory 2024-0888-03. Red Hat Security Advisory 2024-0888-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.
PSS-177202
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177202. Red Hat Security Advisory 2024-0888-03. Red Hat Security Advisory 2024-0888-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.
#ExploitObserverAlert
CVE-2024-25150
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25150. Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names.
CVE-2024-25150
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25150. Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names.
#ExploitObserverAlert
PSS-177203
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177203. Red Hat Security Advisory 2024-0889-03. Red Hat Security Advisory 2024-0889-03 - An update for oniguruma is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer over-read, integer overflow, out of bounds read, and use-after-free vulnerabilities.
PSS-177203
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177203. Red Hat Security Advisory 2024-0889-03. Red Hat Security Advisory 2024-0889-03 - An update for oniguruma is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer over-read, integer overflow, out of bounds read, and use-after-free vulnerabilities.
#ExploitObserverAlert
PSS-177217
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177217. Ubuntu Security Notice USN-6644-1. Ubuntu Security Notice 6644-1 - It was discovered that LibTIFF incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to crash, resulting in a denial of service. It was discovered that LibTIFF incorrectly handled certain image files with the tiffcp utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcp to crash, resulting in a denial of service.
PSS-177217
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177217. Ubuntu Security Notice USN-6644-1. Ubuntu Security Notice 6644-1 - It was discovered that LibTIFF incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to crash, resulting in a denial of service. It was discovered that LibTIFF incorrectly handled certain image files with the tiffcp utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcp to crash, resulting in a denial of service.
#ExploitObserverAlert
CVE-2024-25149
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25149. Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the "Limit membership to members of the parent site" option is enabled, which allows remote authenticated users to add users who are not a member of the parent site to a child site. The added user may obtain permission to perform unauthorized actions in the child site.
FIRST-EPSS: 0.000430000
CVE-2024-25149
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25149. Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the "Limit membership to members of the parent site" option is enabled, which allows remote authenticated users to add users who are not a member of the parent site to a child site. The added user may obtain permission to perform unauthorized actions in the child site.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-1648
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1648. electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.
FIRST-EPSS: 0.000870000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2024-1648
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1648. electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.
FIRST-EPSS: 0.000870000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
PSS-177193
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177193. Red Hat Security Advisory 2024-0861-03. Red Hat Security Advisory 2024-0861-03 - An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a buffer overflow vulnerability.
PSS-177193
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177193. Red Hat Security Advisory 2024-0861-03. Red Hat Security Advisory 2024-0861-03 - An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a buffer overflow vulnerability.
#ExploitObserverAlert
PSS-177211
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177211. SPA-CART CMS 1.9.0.3 Cross Site Scripting. SPA-CART CMS version 1.9.0.3 suffers from a persistent cross site scripting vulnerability.
PSS-177211
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177211. SPA-CART CMS 1.9.0.3 Cross Site Scripting. SPA-CART CMS version 1.9.0.3 suffers from a persistent cross site scripting vulnerability.
#ExploitObserverAlert
CVE-2024-1559
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1559. The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'll_reciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000
CVE-2024-1559
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1559. The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'll_reciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-22234
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22234. In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. Specifically, an application is vulnerable if: * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value. An application is not vulnerable if any of the following is true: * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly. * The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated * The application only uses isFullyAuthenticated via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html
FIRST-EPSS: 0.000430000
CVE-2024-22234
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22234. In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. Specifically, an application is vulnerable if: * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value. An application is not vulnerable if any of the following is true: * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly. * The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated * The application only uses isFullyAuthenticated via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-25609
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25609. HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect. This vulnerability is the result of an incomplete fix in CVE-2022-28977.
CVE-2024-25609
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25609. HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect. This vulnerability is the result of an incomplete fix in CVE-2022-28977.
#ExploitObserverAlert
CVE-2023-49250
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-49250. Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users are recommended to upgrade to version 3.2.1, which fixes the issue.
CVE-2023-49250
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-49250. Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users are recommended to upgrade to version 3.2.1, which fixes the issue.
#ExploitObserverAlert
PD/javascript/misconfiguration/ssh/ssh-weakkey-exchange-algo
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PD/javascript/misconfiguration/ssh/ssh-weakkey-exchange-algo. SSH Weak Key Exchange Algorithms Enabled indicates that the SSH server or client is configured to allow the use of less secure key exchange methods, posing a potential security risk during the establishment of secure connections. It's crucial to update configurations to prioritize stronger key exchange algorithms.
PD/javascript/misconfiguration/ssh/ssh-weakkey-exchange-algo
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PD/javascript/misconfiguration/ssh/ssh-weakkey-exchange-algo. SSH Weak Key Exchange Algorithms Enabled indicates that the SSH server or client is configured to allow the use of less secure key exchange methods, posing a potential security risk during the establishment of secure connections. It's crucial to update configurations to prioritize stronger key exchange algorithms.
#ExploitObserverAlert
PSS-177197
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177197. Red Hat Security Advisory 2024-0876-03. Red Hat Security Advisory 2024-0876-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
PSS-177197
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177197. Red Hat Security Advisory 2024-0876-03. Red Hat Security Advisory 2024-0876-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
#ExploitObserverAlert
CVE-2023-50270
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-50270. Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue.
CVE-2023-50270
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-50270. Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue.
#ExploitObserverAlert
PSS-177195
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177195. Red Hat Security Advisory 2024-0863-03. Red Hat Security Advisory 2024-0863-03 - An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a buffer overflow vulnerability.
PSS-177195
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177195. Red Hat Security Advisory 2024-0863-03. Red Hat Security Advisory 2024-0863-03 - An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a buffer overflow vulnerability.
#ExploitObserverAlert
CVE-2023-6397
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-6397. A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the “Anti-Malware” feature enabled.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2023-6397
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-6397. A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the “Anti-Malware” feature enabled.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2024-25607
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25607. The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes.
CVE-2024-25607
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25607. The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes.
#ExploitObserverAlert
CVE-2024-1647
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1647. Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.
FIRST-EPSS: 0.000870000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2024-1647
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1647. Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.
FIRST-EPSS: 0.000870000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-25974
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25974. The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability. It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded. After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload.
CVE-2024-25974
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25974. The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability. It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded. After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload.