#ExploitObserverAlert
CVE-2024-1501
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1501. The Database Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.22. This is due to missing or incorrect nonce validation on the install_wpr() function. This makes it possible for unauthenticated attackers to install the WP Reset Plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
FIRST-EPSS: 0.000450000
CVE-2024-1501
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1501. The Database Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.22. This is due to missing or incorrect nonce validation on the install_wpr() function. This makes it possible for unauthenticated attackers to install the WP Reset Plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2023-52441
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52441. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds in init_smb2_rsp_hdr() If client send smb2 negotiate request and then send smb1 negotiate request, init_smb2_rsp_hdr is called for smb1 negotiate request since need_neg is set to false. This patch ignore smb1 packets after ->need_neg is set to false.
FIRST-EPSS: 0.000450000
CVE-2023-52441
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52441. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds in init_smb2_rsp_hdr() If client send smb2 negotiate request and then send smb1 negotiate request, init_smb2_rsp_hdr is called for smb1 negotiate request since need_neg is set to false. This patch ignore smb1 packets after ->need_neg is set to false.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2024-0593
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0593. The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information.
FIRST-EPSS: 0.000430000
CVE-2024-0593
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0593. The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
PSS-177232
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177232. Ubuntu Security Notice USN-6647-1. Ubuntu Security Notice 6647-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
PSS-177232
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177232. Ubuntu Security Notice USN-6647-1. Ubuntu Security Notice 6647-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
#ExploitObserverAlert
PSS-177235
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177235. Botan C++ Crypto Algorithms Library 3.3.0. Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current 3.x.x release.
PSS-177235
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177235. Botan C++ Crypto Algorithms Library 3.3.0. Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current 3.x.x release.
#ExploitObserverAlert
PSS-177233
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177233. OpenOLAT 18.1.5 Cross Site Scripting / Privilege Escalation. OpenOLAT versions 18.1.4 and below and versions 18.1.5 and below suffer from multiple persistent cross site scripting vulnerabilities.
PSS-177233
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177233. OpenOLAT 18.1.5 Cross Site Scripting / Privilege Escalation. OpenOLAT versions 18.1.4 and below and versions 18.1.5 and below suffer from multiple persistent cross site scripting vulnerabilities.
#ExploitObserverAlert
ZDI-24-192
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to ZDI-24-192. Schneider Electric EcoStruxure IT Gateway Hard-Coded Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric EcoStruxure IT Gateway. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-0865.
ZDI-24-192
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to ZDI-24-192. Schneider Electric EcoStruxure IT Gateway Hard-Coded Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric EcoStruxure IT Gateway. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-0865.
#ExploitObserverAlert
PSS-177228
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177228. Ubuntu Security Notice USN-6584-2. Ubuntu Security Notice 6584-2 - USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding updates for CVE-2021-33912 andCVE-2021-33913 in Ubuntu 16.04 LTS. Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
PSS-177228
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177228. Ubuntu Security Notice USN-6584-2. Ubuntu Security Notice 6584-2 - USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding updates for CVE-2021-33912 andCVE-2021-33913 in Ubuntu 16.04 LTS. Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
#ExploitObserverAlert
GHSA-6vqw-3v5j-54x4
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-6vqw-3v5j-54x4. cryptography NULL pointer deference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
GHSA-6vqw-3v5j-54x4
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-6vqw-3v5j-54x4. cryptography NULL pointer deference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
#ExploitObserverAlert
PSS-177224
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177224. ITFlow Cross Site Request Forgery. ITFlow versions prior to commit 432488eca3998c5be6b6b9e8f8ba01f54bc12378 suffer from a cross site request forgery vulnerability.
PSS-177224
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177224. ITFlow Cross Site Request Forgery. ITFlow versions prior to commit 432488eca3998c5be6b6b9e8f8ba01f54bc12378 suffer from a cross site request forgery vulnerability.
#ExploitObserverAlert
PSS-177222
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177222. Red Hat Security Advisory 2024-0930-03. Red Hat Security Advisory 2024-0930-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow, null pointer, out of bounds access, privilege escalation, and use-after-free vulnerabilities.
PSS-177222
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177222. Red Hat Security Advisory 2024-0930-03. Red Hat Security Advisory 2024-0930-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow, null pointer, out of bounds access, privilege escalation, and use-after-free vulnerabilities.
#ExploitObserverAlert
ZDI-24-187
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-187. Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
ZDI-24-187
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-187. Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
#ExploitObserverAlert
GHSA-f3qr-qr4x-j273
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-f3qr-qr4x-j273. php-svg-lib lacks path validation on font through SVG inline styles
GHSA-f3qr-qr4x-j273
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-f3qr-qr4x-j273. php-svg-lib lacks path validation on font through SVG inline styles
#ExploitObserverAlert
ZDI-24-185
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-185. Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-50233.
ZDI-24-185
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-185. Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-50233.
#ExploitObserverAlert
ZDI-24-190
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-190. Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
ZDI-24-190
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-190. Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
#ExploitObserverAlert
PSS-177220
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177220. WEBIGniter 28.7.23 Cross Site Scripting. WEBIGniter version 28.7.23 suffers from a persistent cross site scripting vulnerability.
PSS-177220
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177220. WEBIGniter 28.7.23 Cross Site Scripting. WEBIGniter version 28.7.23 suffers from a persistent cross site scripting vulnerability.
#ExploitObserverAlert
GHSA-vgv8-5cpj-qj2f
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-vgv8-5cpj-qj2f. pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
GHSA-vgv8-5cpj-qj2f
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-vgv8-5cpj-qj2f. pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
#ExploitObserverAlert
PSS-177229
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177229. Ivanti Connect Secure Unauthenticated Remote Code Execution. This Metasploit module chains a server side request forgery (SSRF) vulnerability (CVE-2024-21893) and a command injection vulnerability (CVE-2024-21887) to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions 9.x and 22.x are vulnerable, prior to the vendor patch released on Feb 1, 2024. It is unknown if unsupported versions 8.x and below are also vulnerable.
PSS-177229
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177229. Ivanti Connect Secure Unauthenticated Remote Code Execution. This Metasploit module chains a server side request forgery (SSRF) vulnerability (CVE-2024-21893) and a command injection vulnerability (CVE-2024-21887) to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions 9.x and 22.x are vulnerable, prior to the vendor patch released on Feb 1, 2024. It is unknown if unsupported versions 8.x and below are also vulnerable.
#ExploitObserverAlert
PSS-177230
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177230. Yealink Configuration Encrypt Tool Static AES Key. A single, vendorwide, hardcoded AES key in the Yealink Configuration Encrypt Tool used to encrypt provisioning documents was leaked leading to a compromise of confidentiality of provisioning documents.
PSS-177230
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177230. Yealink Configuration Encrypt Tool Static AES Key. A single, vendorwide, hardcoded AES key in the Yealink Configuration Encrypt Tool used to encrypt provisioning documents was leaked leading to a compromise of confidentiality of provisioning documents.
#ExploitObserverAlert
PSS-177231
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177231. Ubuntu Security Notice USN-6646-1. Ubuntu Security Notice 6646-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
PSS-177231
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177231. Ubuntu Security Notice USN-6646-1. Ubuntu Security Notice 6646-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
#ExploitObserverAlert
GHSA-4hfp-m9gv-m753
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-4hfp-m9gv-m753. XWiki extension license information is public, exposing instance id and license holder details
GHSA-4hfp-m9gv-m753
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-4hfp-m9gv-m753. XWiki extension license information is public, exposing instance id and license holder details