#ExploitObserverAlert
GHSA-44jg-jgjx-3xg5
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-44jg-jgjx-3xg5. Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting
#ExploitObserverAlert
CVE-2024-26130
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-26130. cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`), then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.
#ExploitObserverAlert
CVE-2024-26310
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-26310. Archer Platform 6.8 before 6.14 P2 (6.14.0.2) contains an improper access control vulnerability. A remote authenticated malicious user could potentially exploit this to gain access to API information that should only be accessible with extra privileges.
#ExploitObserverAlert
CVE-2023-52153
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2023-52153. A SQL Injection vulnerability in /pmb/opac_css/includes/sessions.inc.php in PMB 7.4.7 and earlier allows remote unauthenticated attackers to inject arbitrary SQL commands via the PmbOpac-LOGIN cookie value.
#ExploitObserverAlert
GHSA-q2cv-7j58-rfmj
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-q2cv-7j58-rfmj. Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting
#ExploitObserverAlert
CVE-2023-33843
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2023-33843. IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256544.
#ExploitObserverAlert
CVE-2024-26583
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-26583. In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close. The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touching already freed data. Try to avoid the locking and extra flags altogether. Have the main thread hold an extra reference, this way we can depend solely on the atomic ref counter for synchronization. Don't futz with reiniting the completion, either, we are now tightly controlling when completion fires.
#ExploitObserverAlert
PD/http/cves/2024/CVE-2024-1021
DESCRIPTION: Exploit Observer has 6 entries in 5 file formats related to PD/http/cves/2024/CVE-2024-1021. There is a security vulnerability in Rebuild 3.5.5, which is due to a server-side request forgery vulnerability in the URL parameter of the readRawText function of the HTTP Request Handler component.
#ExploitObserverAlert
PD/http/cves/2023/CVE-2023-38203
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to PD/http/cves/2023/CVE-2023-38203. Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
#ExploitObserverAlert
BDU:2024-01565
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to BDU:2024-01565. Vulnerability of the file /api/clusters/local/topics/{topic}/messages of the Apache Kafka kafka-ui cluster management web interface, allowing an attacker to execute arbitrary code. Vulnerability of the file /api/clusters/local/topics/{topic}/messages of the Apache Kafka kafka-ui cluster management web interface is related to improper handling of code generation. Exploiting the vulnerability can allow a remote attacker to execute arbitrary code.
#ExploitObserverAlert
GHSA-crv8-r5wq-gv2w
DESCRIPTION: Exploit Observer has 9 entries in 6 file formats related to GHSA-crv8-r5wq-gv2w. webui-aria2 Path Traversal vulnerability
#ExploitObserverAlert
WLB-2024020094
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020094. Ficus Global - Blind Sql Injection.
#ExploitObserverAlert
WLB-2024020092
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020092. WordPress WP Fastest Cache 1.2.2 SQL Injection.
#ExploitObserverAlert
WLB-2024020095
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020095. Agencia NUBA - Sql Injection.
#ExploitObserverAlert
PD/http/cves/2015/CVE-2015-1635
DESCRIPTION: Exploit Observer has 64 entries in 15 file formats related to PD/http/cves/2015/CVE-2015-1635. HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
#ExploitObserverAlert
WLB-2024020093
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020093. Blood Bank 1.0 SQL Injection.
#ExploitObserverAlert
WLB-2024020099
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020099. Backdoor.Win32.Agent.amt / Authentication Bypass.
#ExploitObserverAlert
WLB-2024020102
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020102. Moodle 4.3 Insecure Direct Object Reference.
#ExploitObserverAlert
WLB-2024020098
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020098. Backdoor.Win32.Agent.amt MVID-2024-0673 Authentication Bypass / Code Execution.
#ExploitObserverAlert
WLB-2024020096
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020096. WordPress IDonate Blood Request Management System 1.8.1 Cross Site Scripting.
#ExploitObserverAlert
WLB-2024020097
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024020097. Backdoor.Win32.Jeemp.c / Cleartext Hardcoded Credentials.