#ExploitObserverAlert
CVE-2024-22234
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22234. In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. Specifically, an application is vulnerable if: * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value. An application is not vulnerable if any of the following is true: * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly. * The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated * The application only uses isFullyAuthenticated via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html
FIRST-EPSS: 0.000430000
CVE-2024-22234
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22234. In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. Specifically, an application is vulnerable if: * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value. An application is not vulnerable if any of the following is true: * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly. * The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated * The application only uses isFullyAuthenticated via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-25609
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25609. HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect. This vulnerability is the result of an incomplete fix in CVE-2022-28977.
CVE-2024-25609
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25609. HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect. This vulnerability is the result of an incomplete fix in CVE-2022-28977.
#ExploitObserverAlert
CVE-2023-49250
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-49250. Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users are recommended to upgrade to version 3.2.1, which fixes the issue.
CVE-2023-49250
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-49250. Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users are recommended to upgrade to version 3.2.1, which fixes the issue.
#ExploitObserverAlert
PD/javascript/misconfiguration/ssh/ssh-weakkey-exchange-algo
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PD/javascript/misconfiguration/ssh/ssh-weakkey-exchange-algo. SSH Weak Key Exchange Algorithms Enabled indicates that the SSH server or client is configured to allow the use of less secure key exchange methods, posing a potential security risk during the establishment of secure connections. It's crucial to update configurations to prioritize stronger key exchange algorithms.
PD/javascript/misconfiguration/ssh/ssh-weakkey-exchange-algo
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PD/javascript/misconfiguration/ssh/ssh-weakkey-exchange-algo. SSH Weak Key Exchange Algorithms Enabled indicates that the SSH server or client is configured to allow the use of less secure key exchange methods, posing a potential security risk during the establishment of secure connections. It's crucial to update configurations to prioritize stronger key exchange algorithms.
#ExploitObserverAlert
PSS-177197
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177197. Red Hat Security Advisory 2024-0876-03. Red Hat Security Advisory 2024-0876-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
PSS-177197
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177197. Red Hat Security Advisory 2024-0876-03. Red Hat Security Advisory 2024-0876-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
#ExploitObserverAlert
CVE-2023-50270
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-50270. Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue.
CVE-2023-50270
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-50270. Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue.
#ExploitObserverAlert
PSS-177195
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177195. Red Hat Security Advisory 2024-0863-03. Red Hat Security Advisory 2024-0863-03 - An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a buffer overflow vulnerability.
PSS-177195
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177195. Red Hat Security Advisory 2024-0863-03. Red Hat Security Advisory 2024-0863-03 - An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a buffer overflow vulnerability.
#ExploitObserverAlert
CVE-2023-6397
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-6397. A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the “Anti-Malware” feature enabled.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2023-6397
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-6397. A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the “Anti-Malware” feature enabled.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2024-25607
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25607. The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes.
CVE-2024-25607
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25607. The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes.
#ExploitObserverAlert
CVE-2024-1647
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1647. Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.
FIRST-EPSS: 0.000870000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2024-1647
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1647. Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.
FIRST-EPSS: 0.000870000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-25974
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25974. The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability. It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded. After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload.
CVE-2024-25974
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25974. The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability. It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded. After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload.
#ExploitObserverAlert
CVE-2023-51770
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-51770. Arbitrary File Read Vulnerability in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.
CVE-2023-51770
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-51770. Arbitrary File Read Vulnerability in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.
#ExploitObserverAlert
PD/javascript/misconfiguration/smb/smb-anonymous-access
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PD/javascript/misconfiguration/smb/smb-anonymous-access. Detects anonymous access to SMB shares on a remote server.
PD/javascript/misconfiguration/smb/smb-anonymous-access
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PD/javascript/misconfiguration/smb/smb-anonymous-access. Detects anonymous access to SMB shares on a remote server.
#ExploitObserverAlert
CVE-2024-25606
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25606. XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before update 12, 7.2 before fix pack 20, and older unsupported versions allows attackers with permission to deploy widgets/portlets/extensions to obtain sensitive information or consume system resources via the Java2WsddTask._format method.
CVE-2024-25606
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25606. XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before update 12, 7.2 before fix pack 20, and older unsupported versions allows attackers with permission to deploy widgets/portlets/extensions to obtain sensitive information or consume system resources via the Java2WsddTask._format method.
#ExploitObserverAlert
CVE-2024-25605
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25605. The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attackers to view any template via the UI or API.
CVE-2024-25605
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25605. The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attackers to view any template via the UI or API.
#ExploitObserverAlert
GHSA-3w4h-r27h-4r2w
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-3w4h-r27h-4r2w. TYPO3 Image Processing susceptible to Code Execution
GHSA-3w4h-r27h-4r2w
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-3w4h-r27h-4r2w. TYPO3 Image Processing susceptible to Code Execution
#ExploitObserverAlert
TALOS-2023-1843
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2023-1843. Contact Cisco Talos Incident Response.
TALOS-2023-1843
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2023-1843. Contact Cisco Talos Incident Response.
#ExploitObserverAlert
PD/javascript/misconfiguration/ssh/ssh-cbc-mode-ciphers
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PD/javascript/misconfiguration/ssh/ssh-cbc-mode-ciphers. "SSH Server CBC Mode Ciphers Enabled" signifies that the SSH server supports Cipher Block Chaining (CBC) mode ciphers, which are known for potential vulnerabilities. This configuration poses a security risk, and it's recommended to disable CBC ciphers in favor of more secure alternatives for enhanced protection during data transmission.
PD/javascript/misconfiguration/ssh/ssh-cbc-mode-ciphers
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PD/javascript/misconfiguration/ssh/ssh-cbc-mode-ciphers. "SSH Server CBC Mode Ciphers Enabled" signifies that the SSH server supports Cipher Block Chaining (CBC) mode ciphers, which are known for potential vulnerabilities. This configuration poses a security risk, and it's recommended to disable CBC ciphers in favor of more secure alternatives for enhanced protection during data transmission.
#ExploitObserverAlert
CVE-2023-49109
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-49109. Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.
CVE-2023-49109
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-49109. Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.
#ExploitObserverAlert
CVE-2024-25608
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25608. HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' (U+FFFD), which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, (3) `noSuchEntryRedirect` parameter, and (4) others parameters that rely on HtmlUtil.escapeRedirect.
CVE-2024-25608
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25608. HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' (U+FFFD), which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, (3) `noSuchEntryRedirect` parameter, and (4) others parameters that rely on HtmlUtil.escapeRedirect.
#ExploitObserverAlert
GHSA-5jjq-8cvj-v6m9
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-5jjq-8cvj-v6m9. Cross-site Scripting in Serenity
GHSA-5jjq-8cvj-v6m9
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-5jjq-8cvj-v6m9. Cross-site Scripting in Serenity