#ExploitObserverAlert
CVE-2024-24478
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-24478. An issue in Wireshark team Wireshark before v.4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components.
#ExploitObserverAlert
CVE-2024-1714
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-1714. Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
#ExploitObserverAlert
CVE-2023-52154
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2023-52154. File Upload vulnerability in pmb/camera_upload.php in PMB 7.4.7 and earlier allows attackers to run arbitrary code via upload of crafted PHTML files.
#ExploitObserverAlert
CVE-2023-38844
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2023-38844. SQL injection vulnerability in PMB v.7.4.7 and earlier allows a remote attacker to execute arbitrary code via the thesaurus parameter in export_skos.php.
#ExploitObserverAlert
GHSA-73x3-8mrg-5r93
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-73x3-8mrg-5r93. Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting
#ExploitObserverAlert
CVE-2023-7235
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2023-7235. The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables.
#ExploitObserverAlert
CVE-2024-1212
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-1212. Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
#ExploitObserverAlert
EDB-51807
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51807. WEBIGniter v28.7.23 - Stored Cross Site Scripting (XSS)
#ExploitObserverAlert
CVE-2024-25897
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-25897. ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.
#ExploitObserverAlert
CVE-2024-26311
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-26311. Archer Platform 6.x before 6.14 P2 HF1 (6.14.0.2.1) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application.
#ExploitObserverAlert
CVE-2024-26582
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-26582. In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tls_decrypt_sg doesn't take a reference on the pages from clear_skb, so the put_page() in tls_decrypt_done releases them, and we trigger a use-after-free in process_rx_list when we try to read from the partially-read skb.
#ExploitObserverAlert
GHSA-54pv-r62j-9qqc
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-54pv-r62j-9qqc. Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
#ExploitObserverAlert
CVE-2023-50955
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2023-50955. IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777.
#ExploitObserverAlert
CVE-2024-1703
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-1703. A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic. This affects the function openfile of the file /adminapi/system/file/openfile. The manipulation leads to absolute path traversal. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254391. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
GHSA-xpjg-7hx7-wgcx
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-xpjg-7hx7-wgcx. Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting
#ExploitObserverAlert
CVE-2023-24333
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2023-24333. A stack overflow vulnerability in Tenda AC21 with firmware version US_AC21V1.0re_V16.03.08.15_cn_TDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/openSchedWifi.
#ExploitObserverAlert
CVE-2024-25891
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-25891. ChurchCRM 5.5.0 FRBidSheets.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.
#ExploitObserverAlert
CVE-2022-45177
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2022-45177. An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search={NAME]+{SURNAME] endpoint, and the /login endpoint. The web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.
#ExploitObserverAlert
CVE-2024-25896
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-25896. ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EID POST parameter.
#ExploitObserverAlert
CVE-2024-25892
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-25892. ChurchCRM 5.5.0 ConfirmReport.php is vulnerable to Blind SQL Injection (Time-based) via the familyId GET parameter.
#ExploitObserverAlert
CVE-2024-22220
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-22220. An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 through 8.3.19, and Formbank through 2.1.10-FINAL. Unauthenticated Stored Cross-Site Scripting can occur, with resultant Admin Session Hijacking. The attack vectors are Form Builder and Form Preview.