#ExploitObserverAlert
PSS-177229
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177229. Ivanti Connect Secure Unauthenticated Remote Code Execution. This Metasploit module chains a server side request forgery (SSRF) vulnerability (CVE-2024-21893) and a command injection vulnerability (CVE-2024-21887) to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions 9.x and 22.x are vulnerable, prior to the vendor patch released on Feb 1, 2024. It is unknown if unsupported versions 8.x and below are also vulnerable.
PSS-177229
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177229. Ivanti Connect Secure Unauthenticated Remote Code Execution. This Metasploit module chains a server side request forgery (SSRF) vulnerability (CVE-2024-21893) and a command injection vulnerability (CVE-2024-21887) to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions 9.x and 22.x are vulnerable, prior to the vendor patch released on Feb 1, 2024. It is unknown if unsupported versions 8.x and below are also vulnerable.
#ExploitObserverAlert
PSS-177230
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177230. Yealink Configuration Encrypt Tool Static AES Key. A single, vendorwide, hardcoded AES key in the Yealink Configuration Encrypt Tool used to encrypt provisioning documents was leaked leading to a compromise of confidentiality of provisioning documents.
PSS-177230
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177230. Yealink Configuration Encrypt Tool Static AES Key. A single, vendorwide, hardcoded AES key in the Yealink Configuration Encrypt Tool used to encrypt provisioning documents was leaked leading to a compromise of confidentiality of provisioning documents.
#ExploitObserverAlert
PSS-177231
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177231. Ubuntu Security Notice USN-6646-1. Ubuntu Security Notice 6646-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
PSS-177231
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177231. Ubuntu Security Notice USN-6646-1. Ubuntu Security Notice 6646-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
#ExploitObserverAlert
GHSA-4hfp-m9gv-m753
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-4hfp-m9gv-m753. XWiki extension license information is public, exposing instance id and license holder details
GHSA-4hfp-m9gv-m753
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-4hfp-m9gv-m753. XWiki extension license information is public, exposing instance id and license holder details
#ExploitObserverAlert
PSS-177223
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177223. NFC Relay Attack On Tesla Model Y. This paper will walk you through the proof-of-concept and technical details of exploitation for IOActive's recent NFC relay attack on the newest Tesla vehicle, the Model Y. To successfully carry out the attack, IOActive reverse-engineered the NFC protocol Tesla uses between the NFC card and the vehicle, and they then created custom firmware modifications that allowed a Proxmark RDV4.0 device to relay NFC communications over Bluetooth/Wi-Fi using the Proxmark's BlueShark module.
PSS-177223
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177223. NFC Relay Attack On Tesla Model Y. This paper will walk you through the proof-of-concept and technical details of exploitation for IOActive's recent NFC relay attack on the newest Tesla vehicle, the Model Y. To successfully carry out the attack, IOActive reverse-engineered the NFC protocol Tesla uses between the NFC card and the vehicle, and they then created custom firmware modifications that allowed a Proxmark RDV4.0 device to relay NFC communications over Bluetooth/Wi-Fi using the Proxmark's BlueShark module.
#ExploitObserverAlert
PSS-177221
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177221. Red Hat Security Advisory 2024-0845-03. Red Hat Security Advisory 2024-0845-03 - Red Hat OpenShift Container Platform release 4.13.34 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.
PSS-177221
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177221. Red Hat Security Advisory 2024-0845-03. Red Hat Security Advisory 2024-0845-03 - Red Hat OpenShift Container Platform release 4.13.34 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.
#ExploitObserverAlert
PSS-177218
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177218. Red Hat Security Advisory 2024-0832-03. Red Hat Security Advisory 2024-0832-03 - Red Hat OpenShift Container Platform release 4.12.50 is now available with updates to packages and images that fix several bugs. Issues addressed include denial of service and traversal vulnerabilities.
PSS-177218
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177218. Red Hat Security Advisory 2024-0832-03. Red Hat Security Advisory 2024-0832-03 - Red Hat OpenShift Container Platform release 4.12.50 is now available with updates to packages and images that fix several bugs. Issues addressed include denial of service and traversal vulnerabilities.
#ExploitObserverAlert
PSS-177227
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177227. WordPress 6.4.3 Username Disclosure. WordPress versions 6.4.3 and below appear to suffer from a REST API related username disclosure vulnerability.
PSS-177227
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177227. WordPress 6.4.3 Username Disclosure. WordPress versions 6.4.3 and below appear to suffer from a REST API related username disclosure vulnerability.
#ExploitObserverAlert
ZDI-24-191
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to ZDI-24-191. Schneider Electric EcoStruxure IT Gateway Hard-Coded Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric EcoStruxure IT Gateway. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2024-0865.
ZDI-24-191
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to ZDI-24-191. Schneider Electric EcoStruxure IT Gateway Hard-Coded Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric EcoStruxure IT Gateway. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2024-0865.
#ExploitObserverAlert
ZDI-24-183
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-183. Apache OFBiz createRegister Error Message Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apache OFBiz. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3. The following CVEs are assigned: CVE-2024-23946.
ZDI-24-183
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-183. Apache OFBiz createRegister Error Message Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apache OFBiz. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3. The following CVEs are assigned: CVE-2024-23946.
#ExploitObserverAlert
PSS-177225
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177225. Ubuntu Security Notice USN-6645-1. Ubuntu Security Notice 6645-1 - It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service.
PSS-177225
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177225. Ubuntu Security Notice USN-6645-1. Ubuntu Security Notice 6645-1 - It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service.
#ExploitObserverAlert
ZDI-24-188
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-188. Trimble SketchUp SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
ZDI-24-188
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-188. Trimble SketchUp SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
#ExploitObserverAlert
ZDI-24-186
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-186. Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
ZDI-24-186
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-186. Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
#ExploitObserverAlert
PSS-177234
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177234. Botan C++ Crypto Algorithms Library 2.19.4. Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current 2.19.x release.
PSS-177234
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177234. Botan C++ Crypto Algorithms Library 2.19.4. Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current 2.19.x release.
#ExploitObserverAlert
PSS-177219
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177219. Red Hat Security Advisory 2024-0837-03. Red Hat Security Advisory 2024-0837-03 - Red Hat OpenShift Container Platform release 4.14.13 is now available with updates to packages and images that fix several bugs and add enhancements.
PSS-177219
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177219. Red Hat Security Advisory 2024-0837-03. Red Hat Security Advisory 2024-0837-03 - Red Hat OpenShift Container Platform release 4.14.13 is now available with updates to packages and images that fix several bugs and add enhancements.
#ExploitObserverAlert
ZDI-24-189
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-189. Trimble SketchUp SKP File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3.
ZDI-24-189
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-189. Trimble SketchUp SKP File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3.
#ExploitObserverAlert
PSS-177226
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177226. Fuelflow 1.0 SQL Injection. Fuelflow version 1.0 suffers from a remote SQL injection vulnerability.
PSS-177226
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177226. Fuelflow 1.0 SQL Injection. Fuelflow version 1.0 suffers from a remote SQL injection vulnerability.
#ExploitObserverAlert
ZDI-24-184
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-184. Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-50232.
ZDI-24-184
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-184. Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-50232.
#ExploitObserverAlert
GHSA-24rp-q3w6-vc56
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-24rp-q3w6-vc56. org.postgresql:postgresql vulnerable to SQL Injection via line comment generation
GHSA-24rp-q3w6-vc56
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-24rp-q3w6-vc56. org.postgresql:postgresql vulnerable to SQL Injection via line comment generation
#ExploitObserverAlert
GHSA-84xv-jfrm-h4gm
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to GHSA-84xv-jfrm-h4gm. registry-supper Path Traversal vulnerability
GHSA-84xv-jfrm-h4gm
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to GHSA-84xv-jfrm-h4gm. registry-supper Path Traversal vulnerability
#ExploitObserverAlert
GHSA-rwhv-hvj2-qrqm
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-rwhv-hvj2-qrqm. Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting
GHSA-rwhv-hvj2-qrqm
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-rwhv-hvj2-qrqm. Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting