#ExploitObserverAlert
GHSA-468x-frcm-ghx6
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-468x-frcm-ghx6. Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
GHSA-468x-frcm-ghx6
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-468x-frcm-ghx6. Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
#ExploitObserverAlert
CVE-2024-25461
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25461. Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM v.7.18.4.1532 allows a remote attacker to obtain sensitive information via a crafted request to the terrasoft.axd component.
CVE-2024-25461
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25461. Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM v.7.18.4.1532 allows a remote attacker to obtain sensitive information via a crafted request to the terrasoft.axd component.
#ExploitObserverAlert
CVE-2024-1705
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1705. A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue affects the function actionCreate of the file /public/install/controllers/DefaultController.php of the component Installation. The manipulation leads to code injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-254393 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-1705
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1705. A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue affects the function actionCreate of the file /public/install/controllers/DefaultController.php of the component Installation. The manipulation leads to code injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-254393 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
CVE-2024-26585
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26585. In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling the work before calling complete(). This seems more logical in the first place, as it's the inverse order of what the submitting thread will do.
CVE-2024-26585
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26585. In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling the work before calling complete(). This seems more logical in the first place, as it's the inverse order of what the submitting thread will do.
#ExploitObserverAlert
CVE-2024-25893
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25893. ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.
CVE-2024-25893
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25893. ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.
#ExploitObserverAlert
CVE-2024-25288
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25288. SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vulnerable to SQL Injection via pop-scope-vocabolary.php.
CVE-2024-25288
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25288. SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vulnerable to SQL Injection via pop-scope-vocabolary.php.
#ExploitObserverAlert
CVE-2023-24334
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-24334. A stack overflow vulnerability in Tenda AC23 with firmware version US_AC23V1.0re_V16.03.07.45_cn_TDC01 allows attackers to run arbitrary commands via schedStartTime parameter.
CVE-2023-24334
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-24334. A stack overflow vulnerability in Tenda AC23 with firmware version US_AC23V1.0re_V16.03.07.45_cn_TDC01 allows attackers to run arbitrary commands via schedStartTime parameter.
#ExploitObserverAlert
CVE-2024-20325
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-20325. A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control implementations on cluster configuration CLI requests. An attacker could exploit this vulnerability by sending a cluster configuration CLI request to specific directories on an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device.
CVE-2024-20325
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-20325. A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control implementations on cluster configuration CLI requests. An attacker could exploit this vulnerability by sending a cluster configuration CLI request to specific directories on an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device.
#ExploitObserverAlert
CVE-2023-47795
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-47795. Stored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a document's “Title” text field.
CVE-2023-47795
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-47795. Stored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a document's “Title” text field.
#ExploitObserverAlert
CVE-2023-6533
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-6533. Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier.
CVE-2023-6533
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-6533. Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier.
#ExploitObserverAlert
CVE-2024-24478
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-24478. An issue in Wireshark team Wireshark before v.4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components.
CVE-2024-24478
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-24478. An issue in Wireshark team Wireshark before v.4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components.
#ExploitObserverAlert
CVE-2024-1714
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1714. Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-1714
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1714. Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
#ExploitObserverAlert
CVE-2023-52154
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52154. File Upload vulnerability in pmb/camera_upload.php in PMB 7.4.7 and earlier allows attackers to run arbitrary code via upload of crafted PHTML files.
CVE-2023-52154
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52154. File Upload vulnerability in pmb/camera_upload.php in PMB 7.4.7 and earlier allows attackers to run arbitrary code via upload of crafted PHTML files.
#ExploitObserverAlert
CVE-2023-38844
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-38844. SQL injection vulnerability in PMB v.7.4.7 and earlier allows a remote attacker to execute arbitrary code via the thesaurus parameter in export_skos.php.
CVE-2023-38844
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-38844. SQL injection vulnerability in PMB v.7.4.7 and earlier allows a remote attacker to execute arbitrary code via the thesaurus parameter in export_skos.php.
#ExploitObserverAlert
GHSA-73x3-8mrg-5r93
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-73x3-8mrg-5r93. Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting
GHSA-73x3-8mrg-5r93
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-73x3-8mrg-5r93. Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting
#ExploitObserverAlert
CVE-2023-7235
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-7235. The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables.
CVE-2023-7235
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-7235. The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables.
#ExploitObserverAlert
CVE-2024-1212
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1212. Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
CVE-2024-1212
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1212. Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
#ExploitObserverAlert
EDB-51807
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51807. WEBIGniter v28.7.23 - Stored Cross Site Scripting (XSS)
EDB-51807
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51807. WEBIGniter v28.7.23 - Stored Cross Site Scripting (XSS)
#ExploitObserverAlert
CVE-2024-25897
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25897. ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.
CVE-2024-25897
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25897. ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.
#ExploitObserverAlert
CVE-2024-26311
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26311. Archer Platform 6.x before 6.14 P2 HF1 (6.14.0.2.1) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application.
CVE-2024-26311
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26311. Archer Platform 6.x before 6.14 P2 HF1 (6.14.0.2.1) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application.
#ExploitObserverAlert
CVE-2024-26582
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26582. In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tls_decrypt_sg doesn't take a reference on the pages from clear_skb, so the put_page() in tls_decrypt_done releases them, and we trigger a use-after-free in process_rx_list when we try to read from the partially-read skb.
CVE-2024-26582
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26582. In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tls_decrypt_sg doesn't take a reference on the pages from clear_skb, so the put_page() in tls_decrypt_done releases them, and we trigger a use-after-free in process_rx_list when we try to read from the partially-read skb.