#ExploitObserverAlert
PSS-177227
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-177227. WordPress 6.4.3 Username Disclosure. WordPress versions 6.4.3 and below appear to suffer from a REST API related username disclosure vulnerability.
#ExploitObserverAlert
ZDI-24-191
DESCRIPTION: Exploit Observer has 2 entries in 1 file format related to ZDI-24-191. Schneider Electric EcoStruxure IT Gateway Hard-Coded Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric EcoStruxure IT Gateway. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2024-0865.
#ExploitObserverAlert
ZDI-24-183
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to ZDI-24-183. Apache OFBiz createRegister Error Message Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apache OFBiz. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3. The following CVEs are assigned: CVE-2024-23946.
#ExploitObserverAlert
PSS-177225
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-177225. Ubuntu Security Notice USN-6645-1. Ubuntu Security Notice 6645-1 - It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service.
#ExploitObserverAlert
ZDI-24-188
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to ZDI-24-188. Trimble SketchUp SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
#ExploitObserverAlert
ZDI-24-186
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to ZDI-24-186. Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
#ExploitObserverAlert
PSS-177234
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-177234. Botan C++ Crypto Algorithms Library 2.19.4. Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high-level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current 2.19.x release.
#ExploitObserverAlert
PSS-177219
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-177219. Red Hat Security Advisory 2024-0837-03. Red Hat Security Advisory 2024-0837-03 - Red Hat OpenShift Container Platform release 4.14.13 is now available with updates to packages and images that fix several bugs and add enhancements.
#ExploitObserverAlert
ZDI-24-189
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to ZDI-24-189. Trimble SketchUp SKP File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3.
#ExploitObserverAlert
PSS-177226
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-177226. Fuelflow 1.0 SQL Injection. Fuelflow version 1.0 suffers from a remote SQL injection vulnerability.
#ExploitObserverAlert
ZDI-24-184
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to ZDI-24-184. Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-50232.
#ExploitObserverAlert
GHSA-24rp-q3w6-vc56
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-24rp-q3w6-vc56. org.postgresql:postgresql vulnerable to SQL Injection via line comment generation
#ExploitObserverAlert
GHSA-84xv-jfrm-h4gm
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to GHSA-84xv-jfrm-h4gm. registry-supper Path Traversal vulnerability
#ExploitObserverAlert
GHSA-rwhv-hvj2-qrqm
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-rwhv-hvj2-qrqm. Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting
#ExploitObserverAlert
GHSA-hgr6-6hhw-883f
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-hgr6-6hhw-883f. Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing
#ExploitObserverAlert
GHSA-r48h-jr2j-9g78
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to GHSA-r48h-jr2j-9g78. HashiCorp Terraform Amazon Web Services (AWS) uses an insecure PRNG
#ExploitObserverAlert
CVE-2023-51828
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2023-51828. A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary SQL commands via the query parameter in the get_next_notice function.
#ExploitObserverAlert
CVE-2024-1474
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-1474. In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user-supplied inputs on the WS_FTP Server administrative interface.
#ExploitObserverAlert
CVE-2024-25894
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-25894. ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EventCount POST parameter.
#ExploitObserverAlert
GHSA-43v2-6grp-9pp9
DESCRIPTION: Exploit Observer has 13 entries in 3 file formats related to GHSA-43v2-6grp-9pp9. Apache Tomcat does not enforce the maxHttpHeaderSize limit
#ExploitObserverAlert
CVE-2024-1702
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-1702. A vulnerability was found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /edit.php. The manipulation leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254390 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.