#ExploitObserverAlert
PSS-177203
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177203. Red Hat Security Advisory 2024-0889-03. Red Hat Security Advisory 2024-0889-03 - An update for oniguruma is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer over-read, integer overflow, out of bounds read, and use-after-free vulnerabilities.
PSS-177203
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177203. Red Hat Security Advisory 2024-0889-03. Red Hat Security Advisory 2024-0889-03 - An update for oniguruma is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer over-read, integer overflow, out of bounds read, and use-after-free vulnerabilities.
#ExploitObserverAlert
PSS-177217
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177217. Ubuntu Security Notice USN-6644-1. Ubuntu Security Notice 6644-1 - It was discovered that LibTIFF incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to crash, resulting in a denial of service. It was discovered that LibTIFF incorrectly handled certain image files with the tiffcp utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcp to crash, resulting in a denial of service.
PSS-177217
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177217. Ubuntu Security Notice USN-6644-1. Ubuntu Security Notice 6644-1 - It was discovered that LibTIFF incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to crash, resulting in a denial of service. It was discovered that LibTIFF incorrectly handled certain image files with the tiffcp utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcp to crash, resulting in a denial of service.
#ExploitObserverAlert
CVE-2024-25149
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25149. Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the "Limit membership to members of the parent site" option is enabled, which allows remote authenticated users to add users who are not a member of the parent site to a child site. The added user may obtain permission to perform unauthorized actions in the child site.
FIRST-EPSS: 0.000430000
CVE-2024-25149
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25149. Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the "Limit membership to members of the parent site" option is enabled, which allows remote authenticated users to add users who are not a member of the parent site to a child site. The added user may obtain permission to perform unauthorized actions in the child site.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-1648
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1648. electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.
FIRST-EPSS: 0.000870000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2024-1648
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1648. electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.
FIRST-EPSS: 0.000870000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
PSS-177193
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177193. Red Hat Security Advisory 2024-0861-03. Red Hat Security Advisory 2024-0861-03 - An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a buffer overflow vulnerability.
PSS-177193
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177193. Red Hat Security Advisory 2024-0861-03. Red Hat Security Advisory 2024-0861-03 - An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a buffer overflow vulnerability.
#ExploitObserverAlert
PSS-177211
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177211. SPA-CART CMS 1.9.0.3 Cross Site Scripting. SPA-CART CMS version 1.9.0.3 suffers from a persistent cross site scripting vulnerability.
PSS-177211
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177211. SPA-CART CMS 1.9.0.3 Cross Site Scripting. SPA-CART CMS version 1.9.0.3 suffers from a persistent cross site scripting vulnerability.
#ExploitObserverAlert
CVE-2024-1559
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1559. The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'll_reciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000
CVE-2024-1559
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1559. The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'll_reciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-22234
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22234. In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. Specifically, an application is vulnerable if: * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value. An application is not vulnerable if any of the following is true: * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly. * The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated * The application only uses isFullyAuthenticated via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html
FIRST-EPSS: 0.000430000
CVE-2024-22234
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22234. In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. Specifically, an application is vulnerable if: * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value. An application is not vulnerable if any of the following is true: * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly. * The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated * The application only uses isFullyAuthenticated via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-25609
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25609. HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect. This vulnerability is the result of an incomplete fix in CVE-2022-28977.
CVE-2024-25609
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25609. HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect. This vulnerability is the result of an incomplete fix in CVE-2022-28977.
#ExploitObserverAlert
CVE-2023-49250
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-49250. Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users are recommended to upgrade to version 3.2.1, which fixes the issue.
CVE-2023-49250
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-49250. Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users are recommended to upgrade to version 3.2.1, which fixes the issue.
#ExploitObserverAlert
PD/javascript/misconfiguration/ssh/ssh-weakkey-exchange-algo
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PD/javascript/misconfiguration/ssh/ssh-weakkey-exchange-algo. SSH Weak Key Exchange Algorithms Enabled indicates that the SSH server or client is configured to allow the use of less secure key exchange methods, posing a potential security risk during the establishment of secure connections. It's crucial to update configurations to prioritize stronger key exchange algorithms.
PD/javascript/misconfiguration/ssh/ssh-weakkey-exchange-algo
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PD/javascript/misconfiguration/ssh/ssh-weakkey-exchange-algo. SSH Weak Key Exchange Algorithms Enabled indicates that the SSH server or client is configured to allow the use of less secure key exchange methods, posing a potential security risk during the establishment of secure connections. It's crucial to update configurations to prioritize stronger key exchange algorithms.
#ExploitObserverAlert
PSS-177197
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177197. Red Hat Security Advisory 2024-0876-03. Red Hat Security Advisory 2024-0876-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
PSS-177197
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177197. Red Hat Security Advisory 2024-0876-03. Red Hat Security Advisory 2024-0876-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
#ExploitObserverAlert
CVE-2023-50270
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-50270. Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue.
CVE-2023-50270
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-50270. Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue.
#ExploitObserverAlert
PSS-177195
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177195. Red Hat Security Advisory 2024-0863-03. Red Hat Security Advisory 2024-0863-03 - An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a buffer overflow vulnerability.
PSS-177195
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177195. Red Hat Security Advisory 2024-0863-03. Red Hat Security Advisory 2024-0863-03 - An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a buffer overflow vulnerability.
#ExploitObserverAlert
CVE-2023-6397
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-6397. A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the “Anti-Malware” feature enabled.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2023-6397
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-6397. A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the “Anti-Malware” feature enabled.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2024-25607
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25607. The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes.
CVE-2024-25607
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25607. The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes.
#ExploitObserverAlert
CVE-2024-1647
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1647. Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.
FIRST-EPSS: 0.000870000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2024-1647
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1647. Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.
FIRST-EPSS: 0.000870000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-25974
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25974. The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability. It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded. After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload.
CVE-2024-25974
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25974. The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability. It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded. After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload.
#ExploitObserverAlert
CVE-2023-51770
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-51770. Arbitrary File Read Vulnerability in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.
CVE-2023-51770
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-51770. Arbitrary File Read Vulnerability in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.
#ExploitObserverAlert
PD/javascript/misconfiguration/smb/smb-anonymous-access
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PD/javascript/misconfiguration/smb/smb-anonymous-access. Detects anonymous access to SMB shares on a remote server.
PD/javascript/misconfiguration/smb/smb-anonymous-access
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PD/javascript/misconfiguration/smb/smb-anonymous-access. Detects anonymous access to SMB shares on a remote server.
#ExploitObserverAlert
CVE-2024-25606
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25606. XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before update 12, 7.2 before fix pack 20, and older unsupported versions allows attackers with permission to deploy widgets/portlets/extensions to obtain sensitive information or consume system resources via the Java2WsddTask._format method.
CVE-2024-25606
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25606. XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before update 12, 7.2 before fix pack 20, and older unsupported versions allows attackers with permission to deploy widgets/portlets/extensions to obtain sensitive information or consume system resources via the Java2WsddTask._format method.