#ExploitObserverAlert
PD/http/cves/2023/CVE-2023-38203
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to PD/http/cves/2023/CVE-2023-38203. Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
PD/http/cves/2023/CVE-2023-38203
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to PD/http/cves/2023/CVE-2023-38203. Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
#ExploitObserverAlert
BDU:2024-01565
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to BDU:2024-01565. Vulnerability of the file /api/clusters/local/topics/{topic}/messages of the Apache Kafka kafka-ui cluster management web interface, allowing an attacker to execute arbitrary code. Vulnerability of the file /api/clusters/local/topics/{topic}/messages of the Apache Kafka kafka-ui cluster management web interface is related to improper handling of code generation. Exploiting the vulnerability can allow a remote attacker to execute arbitrary code.
BDU:2024-01565
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to BDU:2024-01565. Vulnerability of the file /api/clusters/local/topics/{topic}/messages of the Apache Kafka kafka-ui cluster management web interface, allowing an attacker to execute arbitrary code. Vulnerability of the file /api/clusters/local/topics/{topic}/messages of the Apache Kafka kafka-ui cluster management web interface is related to improper handling of code generation. Exploiting the vulnerability can allow a remote attacker to execute arbitrary code.
#ExploitObserverAlert
GHSA-crv8-r5wq-gv2w
DESCRIPTION: Exploit Observer has 9 entries in 6 file formats related to GHSA-crv8-r5wq-gv2w. webui-aria2 Path Traversal vulnerability
GHSA-crv8-r5wq-gv2w
DESCRIPTION: Exploit Observer has 9 entries in 6 file formats related to GHSA-crv8-r5wq-gv2w. webui-aria2 Path Traversal vulnerability
#ExploitObserverAlert
WLB-2024020094
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020094. Ficus Global - Blind Sql Injection.
WLB-2024020094
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020094. Ficus Global - Blind Sql Injection.
#ExploitObserverAlert
WLB-2024020092
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020092. WordPress WP Fastest Cache 1.2.2 SQL Injection.
WLB-2024020092
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020092. WordPress WP Fastest Cache 1.2.2 SQL Injection.
#ExploitObserverAlert
WLB-2024020095
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020095. Agencia NUBA- Sql Injection.
WLB-2024020095
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020095. Agencia NUBA- Sql Injection.
#ExploitObserverAlert
PD/http/cves/2015/CVE-2015-1635
DESCRIPTION: Exploit Observer has 64 entries in 15 file formats related to PD/http/cves/2015/CVE-2015-1635. HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
PD/http/cves/2015/CVE-2015-1635
DESCRIPTION: Exploit Observer has 64 entries in 15 file formats related to PD/http/cves/2015/CVE-2015-1635. HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
#ExploitObserverAlert
WLB-2024020093
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020093. Blood Bank 1.0 SQL Injection.
WLB-2024020093
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020093. Blood Bank 1.0 SQL Injection.
#ExploitObserverAlert
WLB-2024020099
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020099. Backdoor.Win32.Agent.amt / Authentication Bypass.
WLB-2024020099
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020099. Backdoor.Win32.Agent.amt / Authentication Bypass.
#ExploitObserverAlert
WLB-2024020102
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020102. Moodle 4.3 Insecure Direct Object Reference.
WLB-2024020102
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020102. Moodle 4.3 Insecure Direct Object Reference.
#ExploitObserverAlert
WLB-2024020098
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020098. Backdoor.Win32.Agent.amt MVID-2024-0673 Authentication Bypass / Code Execution.
WLB-2024020098
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020098. Backdoor.Win32.Agent.amt MVID-2024-0673 Authentication Bypass / Code Execution.
#ExploitObserverAlert
WLB-2024020096
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020096. WordPress IDonate Blood Request Management System 1.8.1 Cross Site Scripting.
WLB-2024020096
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020096. WordPress IDonate Blood Request Management System 1.8.1 Cross Site Scripting.
#ExploitObserverAlert
WLB-2024020097
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020097. Backdoor.Win32.Jeemp.c / Cleartext Hardcoded Credentials.
WLB-2024020097
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020097. Backdoor.Win32.Jeemp.c / Cleartext Hardcoded Credentials.
#ExploitObserverAlert
WLB-2024020100
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020100. Source Guardian Cross Site Scripting.
WLB-2024020100
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020100. Source Guardian Cross Site Scripting.
#ExploitObserverAlert
WLB-2024020101
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020101. Saflok System 6000 Key Derivation.
WLB-2024020101
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020101. Saflok System 6000 Key Derivation.
#ExploitObserverAlert
WLB-2024020103
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020103. WP Fastest Cache 1.2.2 Unauthenticated SQL Injection.
WLB-2024020103
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020103. WP Fastest Cache 1.2.2 Unauthenticated SQL Injection.
#ExploitObserverAlert
PD/http/cves/2023/CVE-2023-6895
DESCRIPTION: Exploit Observer has 14 entries in 6 file formats related to PD/http/cves/2023/CVE-2023-6895. Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE (HIK) version has an operating system command injection vulnerability. The vulnerability originates from the parameter jsondata[ip] in the file /php/ping.php, which can cause operating system command injection.
PD/http/cves/2023/CVE-2023-6895
DESCRIPTION: Exploit Observer has 14 entries in 6 file formats related to PD/http/cves/2023/CVE-2023-6895. Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE (HIK) version has an operating system command injection vulnerability. The vulnerability originates from the parameter jsondata[ip] in the file /php/ping.php, which can cause operating system command injection.
#ExploitObserverAlert
BDU:2024-01665
DESCRIPTION: Exploit Observer has 7 entries in 5 file formats related to BDU:2024-01665. Vulnerability of the Ultimate Member plugin in the content management system of the WordPress website, allowing an attacker to execute arbitrary SQL queries to the database. The vulnerability of the Ultimate Member plugin in the content management system of the WordPress website is related to the lack of measures to protect the SQL query structure. Exploiting the vulnerability may allow a remote attacker to execute arbitrary SQL queries to the database.
BDU:2024-01665
DESCRIPTION: Exploit Observer has 7 entries in 5 file formats related to BDU:2024-01665. Vulnerability of the Ultimate Member plugin in the content management system of the WordPress website, allowing an attacker to execute arbitrary SQL queries to the database. The vulnerability of the Ultimate Member plugin in the content management system of the WordPress website is related to the lack of measures to protect the SQL query structure. Exploiting the vulnerability may allow a remote attacker to execute arbitrary SQL queries to the database.
#ExploitObserverAlert
MSF/exploit_multi/http/cve_2023_38836_boidcms
DESCRIPTION: Exploit Observer has 8 entries in 6 file formats related to MSF/exploit_multi/http/cve_2023_38836_boidcms. This module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS version 2.0.0 and below. BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php file.
MSF/exploit_multi/http/cve_2023_38836_boidcms
DESCRIPTION: Exploit Observer has 8 entries in 6 file formats related to MSF/exploit_multi/http/cve_2023_38836_boidcms. This module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS version 2.0.0 and below. BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php file.
#CyberNewsAlert
The Cyber Security Research and Development (CSRD) Group at Ministry of Electronics & Information Technology (MEITY) of India invites R&D proposals in Cybersecurity with focus on innovation & indigenous technology development leading to productization.
https://www.meity.gov.in/content/call-project-proposals-rd-cyber-security/
The Cyber Security Research and Development (CSRD) Group at Ministry of Electronics & Information Technology (MEITY) of India invites R&D proposals in Cybersecurity with focus on innovation & indigenous technology development leading to productization.
https://www.meity.gov.in/content/call-project-proposals-rd-cyber-security/
#ExploitObserverAlert
CVE-2024-27199
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-27199. In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
FIRST-EPSS: 0.000430000
CVE-2024-27199
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-27199. In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
FIRST-EPSS: 0.000430000