#ExploitObserverAlert
ZDI-24-184
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-184. Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-50232.
#ExploitObserverAlert
GHSA-24rp-q3w6-vc56
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-24rp-q3w6-vc56. org.postgresql:postgresql vulnerable to SQL Injection via line comment generation
#ExploitObserverAlert
GHSA-84xv-jfrm-h4gm
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to GHSA-84xv-jfrm-h4gm. registry-supper Path Traversal vulnerability
#ExploitObserverAlert
GHSA-rwhv-hvj2-qrqm
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-rwhv-hvj2-qrqm. Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting
#ExploitObserverAlert
GHSA-hgr6-6hhw-883f
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-hgr6-6hhw-883f. Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing
#ExploitObserverAlert
GHSA-r48h-jr2j-9g78
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to GHSA-r48h-jr2j-9g78. HashiCorp Terraform Amazon Web Services (AWS) uses an insecure PRNG
#ExploitObserverAlert
CVE-2023-51828
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-51828. A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary SQL commands via the query parameter in get_next_notice function.
#ExploitObserverAlert
CVE-2024-1474
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1474. In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WS_FTP Server administrative interface.
#ExploitObserverAlert
CVE-2024-25894
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25894. ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EventCount POST parameter.
#ExploitObserverAlert
GHSA-43v2-6grp-9pp9
DESCRIPTION: Exploit Observer has 13 entries in 3 file formats related to GHSA-43v2-6grp-9pp9. Apache Tomcat does not enforce the maxHttpHeaderSize limit
#ExploitObserverAlert
CVE-2024-1702
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1702. A vulnerability was found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /edit.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254390 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
CVE-2024-26584
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26584. In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRESS in valid situations. For example, when the cryptd queue for AESNI is full (easy to trigger with an artificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued to the backlog but still processed. In that case, the async callback will also be called twice: first with err == -EINPROGRESS, which it seems we can just ignore, then with err == 0. Compared to Sabrina's original patch this version uses the new tls_*crypt_async_wait() helpers and converts the EBUSY to EINPROGRESS to avoid having to modify all the error handling paths. The handling is identical.
#ExploitObserverAlert
CVE-2022-45179
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2022-45179. An issue was discovered in LIVEBOX Collaboration vDesk through v031. A basic XSS vulnerability exists under the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter and /dashboard/reminders. A remote user (authenticated to the product) can store arbitrary HTML code in the reminder section title in order to corrupt the web page (for example, by creating phishing sections to exfiltrate victims' credentials).
#ExploitObserverAlert
CVE-2023-49100
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-49100. Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdei_interrupt_bind. The parameter is passed to a call to plat_ic_get_interrupt_type. It can be any arbitrary value passing checks in the function plat_ic_is_sgi. A compromised Normal World (Linux kernel) can enable a root-privileged attacker to issue arbitrary SMC calls. Using this primitive, he can control the content of registers x0 through x6, which are used to send parameters to TF-A. Out-of-bounds addresses can be read in the context of TF-A (EL3). Because the read value is never returned to non-secure memory or in registers, no leak is possible. An attacker can still crash TF-A, however.
#ExploitObserverAlert
CVE-2022-45169
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2022-45169. An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link.
#ExploitObserverAlert
CVE-2024-1709
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1709. ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
#ExploitObserverAlert
CVE-2024-22473
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22473. TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation. This issue affects Gecko SDK through v4.4.0.
#ExploitObserverAlert
CVE-2024-1707
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1707. A vulnerability, which was classified as problematic, was found in GARO WALLBOX GLB+ T2EV7 0.5. This affects an unknown part of the file /index.jsp#settings of the component Software Update Handler. The manipulation of the argument Reference leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254397 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
CVE-2023-24330
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-24330. Command Injection vulnerability in D-Link Dir 882 with firmware version DIR882A1_FW130B06 allows attackers to run arbitrary commands via crafted POST request to /HNAP1/.
#ExploitObserverAlert
CVE-2023-52155
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52155. A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4.7 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via the sauvegardes variable through the /admin/sauvegarde/run.php endpoint.
#ExploitObserverAlert
CVE-2024-26138
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26138. The XWiki licensor application, which manages and enforces application licenses for paid extensions, includes the document `Licenses.Code.LicenseJSON` that provides information for admins regarding active licenses. This document is public and thus exposes this information publicly. The information includes the instance's id as well as first and last name and email of the license owner. This is a leak of information that isn't supposed to be public. The instance id allows associating data on the active installs data with the concrete XWiki instance. Active installs assures that "there's no way to find who's having a given UUID" (referring to the instance id). Further, the information who the license owner is and information about the obtained licenses can be used for targeted phishing attacks. Also, while user information is normally public, email addresses might only be displayed obfuscated, depending on the configuration. This has been fixed in Application Licensing 1.24.2. There are no known workarounds besides upgrading.