#ExploitObserverAlert
GHSA-3366-9287-7qpr
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-3366-9287-7qpr. Path disclosure in JavaScript variable
#ExploitObserverAlert
GHSA-9r26-5w88-qhp9
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to GHSA-9r26-5w88-qhp9. Authorization Bypass in moodle
#ExploitObserverAlert
GHSA-q3gg-m8hr-h4x4
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to GHSA-q3gg-m8hr-h4x4. Externally Controlled Format String in Scripting Functions
#ExploitObserverAlert
GHSA-7pjp-fm93-p6pj
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to GHSA-7pjp-fm93-p6pj. Cross-Site Request Forgery in moodle
#ExploitObserverAlert
CVE-2024-26265
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26265. The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions relies on a request parameter to limit the size of files that can be uploaded, which allows remote authenticated users to upload arbitrarily large files to the system's temp folder by modifying the `maxFileSize` parameter.
#ExploitObserverAlert
CVE-2024-26268
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26268. User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exists in the application by comparing the request's response time.
#ExploitObserverAlert
TALOS-2024-1921
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2024-1921. Contact Cisco Talos Incident Response.
#ExploitObserverAlert
GHSA-8xff-473h-f863
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to GHSA-8xff-473h-f863. Uncaught Exception Handling Parsing Errors on Line Terminators
#ExploitObserverAlert
GHSA-487g-3m3v-hjhq
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to GHSA-487g-3m3v-hjhq. Uncontrolled Resource Consumption in moodle
#ExploitObserverAlert
CVE-2023-46967
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-46967. Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket.
#ExploitObserverAlert
CVE-2024-24794
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-24794. A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. To trigger this vulnerability, an attacker would need to induce the vulnerable application to process a malicious DICOM image. The Use-After-Free happens in the `parse_meta_sequence_end()` parsing the Sequence Value Representations.
NVD-IS: 5.9
NVD-ES: 2.2
#ExploitObserverAlert
GHSA-3qpq-6w89-f7mx
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-3qpq-6w89-f7mx. Pimcore Host Header Injection in user invitation link
#ExploitObserverAlert
GHSA-4265-ccf5-phj5
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to GHSA-4265-ccf5-phj5. Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file
#ExploitObserverAlert
TALOS-2024-1919
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2024-1919. Contact Cisco Talos Incident Response.
#ExploitObserverAlert
CVE-2024-22250
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22250. Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a Windows operating system to hijack a privileged EAP session when initiated by a privileged domain user on the same system.
#ExploitObserverAlert
GHSA-vfph-hjfv-cpv2
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to GHSA-vfph-hjfv-cpv2. Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security
#ExploitObserverAlert
GHSA-xfg6-62px-cxc2
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-xfg6-62px-cxc2. SQL injection in pgjdbc
#ExploitObserverAlert
GHSA-cp8m-h777-g4p3
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to GHSA-cp8m-h777-g4p3. Improper Access Control in moodle
#ExploitObserverAlert
CVE-2024-25198
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25198. Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset() (amcl_node.cpp) in Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions leads to a use-after-free.
#ExploitObserverAlert
WLB-2024020065
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020065. Ticico - Blind SQL Injection.
#ExploitObserverAlert
CVE-2023-6936
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-6936. In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).