ARPSyndicate - Cyber & Open Source Intelligence
A Global Cyber Intelligence Company with hyperspecialization in Information Discovery, Shadow IT & Vulnerability Intelligence.

A.R.P. Syndicate [https://arpsyndicate.io/pricing.html]
#ExploitObserverAlert

CVE-2024-23830

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-23830. MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As a workaround, define `$g_path` as appropriate in `config_inc.php`.
#ExploitObserverAlert

GHSA-3366-9287-7qpr

DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-3366-9287-7qpr. Path disclosure in JavaScript variable
#ExploitObserverAlert

GHSA-9r26-5w88-qhp9

DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to GHSA-9r26-5w88-qhp9. Authorization Bypass in moodle
#ExploitObserverAlert

GHSA-q3gg-m8hr-h4x4

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to GHSA-q3gg-m8hr-h4x4. Externally Controlled Format String in Scripting Functions
#ExploitObserverAlert

GHSA-7pjp-fm93-p6pj

DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to GHSA-7pjp-fm93-p6pj. Cross-Site Request Forgery in moodle
#ExploitObserverAlert

CVE-2024-26265

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-26265. The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions relies on a request parameter to limit the size of files that can be uploaded, which allows remote authenticated users to upload arbitrarily large files to the system's temp folder by modifying the `maxFileSize` parameter.
#ExploitObserverAlert

CVE-2024-26268

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-26268. User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exists in the application by comparing the request's response time.
#ExploitObserverAlert

TALOS-2024-1921

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to TALOS-2024-1921. Contact Cisco Talos Incident Response.
#ExploitObserverAlert

GHSA-8xff-473h-f863

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to GHSA-8xff-473h-f863. Uncaught Exception Handling Parsing Errors on Line Terminators
#ExploitObserverAlert

GHSA-487g-3m3v-hjhq

DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to GHSA-487g-3m3v-hjhq. Uncontrolled Resource Consumption in moodle
#ExploitObserverAlert

CVE-2023-46967

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2023-46967. Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket.
#ExploitObserverAlert

CVE-2024-24794

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-24794. A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. To trigger this vulnerability, an attacker would need to induce the vulnerable application to process a malicious DICOM image. The use-after-free happens in `parse_meta_sequence_end()` while parsing the Sequence Value Representations.

NVD-IS: 5.9
NVD-ES: 2.2
#ExploitObserverAlert

GHSA-3qpq-6w89-f7mx

DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-3qpq-6w89-f7mx. Pimcore Host Header Injection in user invitation link
#ExploitObserverAlert

GHSA-4265-ccf5-phj5

DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to GHSA-4265-ccf5-phj5. Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file
#ExploitObserverAlert

TALOS-2024-1919

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to TALOS-2024-1919. Contact Cisco Talos Incident Response.
#ExploitObserverAlert

CVE-2024-22250

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-22250. Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a Windows operating system to hijack a privileged EAP session when initiated by a privileged domain user on the same system.
#ExploitObserverAlert

GHSA-vfph-hjfv-cpv2

DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to GHSA-vfph-hjfv-cpv2. Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security
#ExploitObserverAlert

GHSA-xfg6-62px-cxc2

DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-xfg6-62px-cxc2. SQL injection in pgjdbc
#ExploitObserverAlert

GHSA-cp8m-h777-g4p3

DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to GHSA-cp8m-h777-g4p3. Improper Access Control in moodle
#ExploitObserverAlert

CVE-2024-25198

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-25198. Inappropriate pointer order of `laser_scan_filter_.reset()` and `tf_listener_.reset()` (`amcl_node.cpp`) in Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions leads to a use-after-free.
#ExploitObserverAlert

WLB-2024020065

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020065. Ticico - Blind SQL Injection.