#ExploitObserverAlert
CVE-2024-25610
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-25610. In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated users to inject arbitrary web script or HTML (XSS) via a crafted payload injected into a blog entry's content text field.
#ExploitObserverAlert
WLB-2024020068
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020068. SPA-CART CMS - Stored XSS.
#ExploitObserverAlert
CVE-2024-1661
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-1661. A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254179. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
CVE-2024-25199
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-25199. Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node.cpp) in Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions leads to a use-after-free.
#ExploitObserverAlert
CVE-2024-26581
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-26581. In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc. The rbtree lazy gc on insert might collect an end interval element that has just been added in this transaction; skip end interval elements that are not yet active.
#ExploitObserverAlert
CVE-2024-26270
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-26270. The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 embeds the user's hashed password in the page's HTML source, which allows man-in-the-middle attackers to steal a user's hashed password.
#ExploitObserverAlert
CVE-2024-1156
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-1156. Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges.
#ExploitObserverAlert
TALOS-2024-1918
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to TALOS-2024-1918. Contact Cisco Talos Incident Response.
#ExploitObserverAlert
TALOS-2024-1917
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to TALOS-2024-1917. Contact Cisco Talos Incident Response.
#ExploitObserverAlert
GHSA-r275-j57c-7mf2
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-r275-j57c-7mf2. Race condition in Endorsements
#ExploitObserverAlert
WLB-2024020063
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020063. Kafka UI 0.7.1 Command Injection.
#ExploitObserverAlert
GHSA-93x8-66j2-wwr5
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to GHSA-93x8-66j2-wwr5. Server-Side Request Forgery in github.com/greenpau/caddy-security
#ExploitObserverAlert
CVE-2023-38562
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2023-38562. A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted set of network packets can lead to memory corruption, potentially resulting in code execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.
#ExploitObserverAlert
CVE-2024-25274
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-25274. An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file.
#ExploitObserverAlert
CVE-2024-25630
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-25630. Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and WireGuard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and has been patched in Cilium v1.14.7. There is no workaround to this issue.
#ExploitObserverAlert
CVE-2024-23305
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-23305. An out-of-bounds write vulnerability exists in the BrainVisionMarker parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vmrk file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-23310
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-23310. A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-6wr5-jmpr-mjcx
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-6wr5-jmpr-mjcx. Uncaught Exception in Macro Expecting Native Function to Exist
#ExploitObserverAlert
GHSA-jfrg-9hpq-9hvp
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to GHSA-jfrg-9hpq-9hvp. Improper Access Control in moodle
#ExploitObserverAlert
CVE-2024-22054
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-22054. A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery.
Affected Products: UniFi Access Points; UniFi Switches; UniFi LTE Backup; UniFi Express (only Mesh Mode; Router Mode is not affected).
Mitigation: Update UniFi Access Points to Version 6.6.65 or later. Update UniFi Switches to Version 6.6.61 or later. Update UniFi LTE Backup to Version 6.6.57 or later. Update UniFi Express to Version 3.2.5 or later.
#ExploitObserverAlert
WLB-2024020067
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020067. WonderCMS 4.3.2 Cross Site Scripting / Remote Code Execution.