#ExploitObserverAlert
CVE-2023-49100
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-49100. Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdei_interrupt_bind. The parameter is passed to a call to plat_ic_get_interrupt_type. It can be any arbitrary value passing checks in the function plat_ic_is_sgi. A compromised Normal World (Linux kernel) can enable a root-privileged attacker to issue arbitrary SMC calls. Using this primitive, he can control the content of registers x0 through x6, which are used to send parameters to TF-A. Out-of-bounds addresses can be read in the context of TF-A (EL3). Because the read value is never returned to non-secure memory or in registers, no leak is possible. An attacker can still crash TF-A, however.
CVE-2023-49100
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-49100. Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdei_interrupt_bind. The parameter is passed to a call to plat_ic_get_interrupt_type. It can be any arbitrary value passing checks in the function plat_ic_is_sgi. A compromised Normal World (Linux kernel) can enable a root-privileged attacker to issue arbitrary SMC calls. Using this primitive, he can control the content of registers x0 through x6, which are used to send parameters to TF-A. Out-of-bounds addresses can be read in the context of TF-A (EL3). Because the read value is never returned to non-secure memory or in registers, no leak is possible. An attacker can still crash TF-A, however.
#ExploitObserverAlert
CVE-2022-45169
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2022-45169. An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link.
CVE-2022-45169
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2022-45169. An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link.
#ExploitObserverAlert
CVE-2024-1709
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1709. ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
CVE-2024-1709
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1709. ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
#ExploitObserverAlert
CVE-2024-22473
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22473. TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.
CVE-2024-22473
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22473. TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.
#ExploitObserverAlert
CVE-2024-1707
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1707. A vulnerability, which was classified as problematic, was found in GARO WALLBOX GLB+ T2EV7 0.5. This affects an unknown part of the file /index.jsp#settings of the component Software Update Handler. The manipulation of the argument Reference leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254397 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-1707
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1707. A vulnerability, which was classified as problematic, was found in GARO WALLBOX GLB+ T2EV7 0.5. This affects an unknown part of the file /index.jsp#settings of the component Software Update Handler. The manipulation of the argument Reference leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254397 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
CVE-2023-24330
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-24330. Command Injection vulnerability in D-Link Dir 882 with firmware version DIR882A1_FW130B06 allows attackers to run arbitrary commands via crafted POST request to /HNAP1/.
CVE-2023-24330
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-24330. Command Injection vulnerability in D-Link Dir 882 with firmware version DIR882A1_FW130B06 allows attackers to run arbitrary commands via crafted POST request to /HNAP1/.
#ExploitObserverAlert
CVE-2023-52155
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52155. A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4.7 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via the sauvegardes variable through the /admin/sauvegarde/run.php endpoint.
CVE-2023-52155
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52155. A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4.7 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via the sauvegardes variable through the /admin/sauvegarde/run.php endpoint.
#ExploitObserverAlert
CVE-2024-26138
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26138. The XWiki licensor application, which manages and enforce application licenses for paid extensions, includes the document `Licenses.Code.LicenseJSON` that provides information for admins regarding active licenses. This document is public and thus exposes this information publicly. The information includes the instance's id as well as first and last name and email of the license owner. This is a leak of information that isn't supposed to be public. The instance id allows associating data on the active installs data with the concrete XWiki instance. Active installs assures that "there's no way to find who's having a given UUID" (referring to the instance id). Further, the information who the license owner is and information about the obtained licenses can be used for targeted phishing attacks. Also, while user information is normally public, email addresses might only be displayed obfuscated, depending on the configuration. This has been fixed in Application Licensing 1.24.2. There are no known workarounds besides upgrading.
CVE-2024-26138
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26138. The XWiki licensor application, which manages and enforce application licenses for paid extensions, includes the document `Licenses.Code.LicenseJSON` that provides information for admins regarding active licenses. This document is public and thus exposes this information publicly. The information includes the instance's id as well as first and last name and email of the license owner. This is a leak of information that isn't supposed to be public. The instance id allows associating data on the active installs data with the concrete XWiki instance. Active installs assures that "there's no way to find who's having a given UUID" (referring to the instance id). Further, the information who the license owner is and information about the obtained licenses can be used for targeted phishing attacks. Also, while user information is normally public, email addresses might only be displayed obfuscated, depending on the configuration. This has been fixed in Application Licensing 1.24.2. There are no known workarounds besides upgrading.
#ExploitObserverAlert
CVE-2023-6640
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-6640. Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier.
CVE-2023-6640
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-6640. Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier.
#ExploitObserverAlert
CVE-2024-23346
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23346. Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prior to version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue.
CVE-2024-23346
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23346. Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prior to version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue.
#ExploitObserverAlert
CVE-2024-1704
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1704. A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been declared as critical. This vulnerability affects the function save/delete of the file /adminapi/system/crud. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254392. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-1704
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1704. A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been declared as critical. This vulnerability affects the function save/delete of the file /adminapi/system/crud. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254392. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
CVE-2023-50975
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-50975. The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled (i.e., ELECTRON_RUN_AS_NODE can be used in production). This makes it easier for a compromised process to access banking information.
CVE-2023-50975
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-50975. The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled (i.e., ELECTRON_RUN_AS_NODE can be used in production). This makes it easier for a compromised process to access banking information.
#ExploitObserverAlert
CVE-2024-25898
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25898. A XSS vulnerability was found in the ChurchCRM v.5.5.0 functionality, edit your event, where malicious JS or HTML code can be inserted in the Event Sermon field in EventEditor.php.
CVE-2024-25898
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25898. A XSS vulnerability was found in the ChurchCRM v.5.5.0 functionality, edit your event, where malicious JS or HTML code can be inserted in the Event Sermon field in EventEditor.php.
#ExploitObserverAlert
CVE-2023-24332
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-24332. A stack overflow vulnerability in Tenda AC6 with firmware version US_AC6V5.0re_V03.03.02.01_cn_TDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/PowerSaveSet.
CVE-2023-24332
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-24332. A stack overflow vulnerability in Tenda AC6 with firmware version US_AC6V5.0re_V03.03.02.01_cn_TDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/PowerSaveSet.
#ExploitObserverAlert
GHSA-rwxc-4cmw-7x75
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-rwxc-4cmw-7x75. Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting
GHSA-rwxc-4cmw-7x75
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-rwxc-4cmw-7x75. Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting
#ExploitObserverAlert
GHSA-p28x-4r5h-ph6j
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-p28x-4r5h-ph6j. Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting
GHSA-p28x-4r5h-ph6j
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-p28x-4r5h-ph6j. Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting
#ExploitObserverAlert
GHSA-v2xq-m22w-jmpr
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-v2xq-m22w-jmpr. Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting
GHSA-v2xq-m22w-jmpr
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-v2xq-m22w-jmpr. Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting
#ExploitObserverAlert
CVE-2023-24331
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-24331. Command Injection vulnerability in D-Link Dir 816 with firmware version DIR-816_A2_v1.10CNB04 allows attackers to run arbitrary commands via the urlAdd parameter.
CVE-2023-24331
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-24331. Command Injection vulnerability in D-Link Dir 816 with firmware version DIR-816_A2_v1.10CNB04 allows attackers to run arbitrary commands via the urlAdd parameter.
#ExploitObserverAlert
CVE-2024-1708
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1708. ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.
CVE-2024-1708
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1708. ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.
#ExploitObserverAlert
CVE-2024-25249
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-25249. An issue in He3 App for macOS version 2.0.17, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.
CVE-2024-25249
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-25249. An issue in He3 App for macOS version 2.0.17, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.
#ExploitObserverAlert
CVE-2024-25895
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25895. A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter of /EventAttendance.php
CVE-2024-25895
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25895. A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter of /EventAttendance.php