#ExploitObserverAlert
CVE-2024-1156
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1156. Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges.
#ExploitObserverAlert
TALOS-2024-1918
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2024-1918. Contact Cisco Talos Incident Response.
#ExploitObserverAlert
TALOS-2024-1917
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2024-1917. Contact Cisco Talos Incident Response.
#ExploitObserverAlert
GHSA-r275-j57c-7mf2
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-r275-j57c-7mf2. Race condition in Endorsements
#ExploitObserverAlert
WLB-2024020063
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020063. Kafka UI 0.7.1 Command Injection.
#ExploitObserverAlert
GHSA-93x8-66j2-wwr5
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to GHSA-93x8-66j2-wwr5. Server-Side Request Forgery in github.com/greenpau/caddy-security
#ExploitObserverAlert
CVE-2023-38562
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-38562. A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted set of network packets can lead to memory corruption, potentially resulting in code execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.
#ExploitObserverAlert
CVE-2024-25274
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25274. An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file.
#ExploitObserverAlert
CVE-2024-25630
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25630. Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and has been patched in Cilium v1.14.7. There is no workaround to this issue.
#ExploitObserverAlert
CVE-2024-23305
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23305. An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vmrk file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-23310
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23310. A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-6wr5-jmpr-mjcx
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-6wr5-jmpr-mjcx. Uncaught Exception in Macro Expecting Native Function to Exist
#ExploitObserverAlert
GHSA-jfrg-9hpq-9hvp
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to GHSA-jfrg-9hpq-9hvp. Improper Access Control in moodle
#ExploitObserverAlert
CVE-2024-22054
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22054. A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points, UniFi Switches, UniFi LTE Backup, UniFi Express (only Mesh Mode; Router mode is not affected). Mitigation: Update UniFi Access Points to Version 6.6.65 or later. Update UniFi Switches to Version 6.6.61 or later. Update UniFi LTE Backup to Version 6.6.57 or later. Update UniFi Express to Version 3.2.5 or later.
#ExploitObserverAlert
WLB-2024020067
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020067. WonderCMS 4.3.2 Cross Site Scripting / Remote Code Execution.
#ExploitObserverAlert
GHSA-c7vf-m394-m4x4
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to GHSA-c7vf-m394-m4x4. Use of Insufficiently Random Values in github.com/greenpau/caddy-security
#ExploitObserverAlert
GHSA-6vjf-48fh-vxxj
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to GHSA-6vjf-48fh-vxxj. Improper Handling of Parameters in moodle
#ExploitObserverAlert
CVE-2024-25141
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25141. When ssl was enabled for Mongo Hook, default settings included "allow_insecure", which meant that certificates were not validated. This was unexpected and undocumented. Users are recommended to upgrade to version 4.0.0, which fixes this issue.
#ExploitObserverAlert
CVE-2024-23830
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23830. MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As a workaround, define `$g_path` as appropriate in `config_inc.php`.
#ExploitObserverAlert
GHSA-3366-9287-7qpr
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-3366-9287-7qpr. Path disclosure in JavaScript variable
#ExploitObserverAlert
GHSA-9r26-5w88-qhp9
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to GHSA-9r26-5w88-qhp9. Authorization Bypass in moodle