#ExploitObserverAlert
WLB-2024030008
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024030008. Maxima Max Pro Power BLE Traffic Replay.
WLB-2024030008
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024030008. Maxima Max Pro Power BLE Traffic Replay.
#ExploitObserverAlert
WLB-2024030011
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024030011. A-PDF All to MP3 Converter 2.0.0 DEP Bypass via HeapCreate + HeapAlloc.
WLB-2024030011
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024030011. A-PDF All to MP3 Converter 2.0.0 DEP Bypass via HeapCreate + HeapAlloc.
#ExploitObserverAlert
EDB-51862
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51862. CVE-2023-50071 - Multiple SQL Injection
EDB-51862
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51862. CVE-2023-50071 - Multiple SQL Injection
#ExploitObserverAlert
GHSA-h59x-p739-982c
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to GHSA-h59x-p739-982c. LangChain directory traversal vulnerability
GHSA-h59x-p739-982c
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to GHSA-h59x-p739-982c. LangChain directory traversal vulnerability
#ExploitObserverAlert
BDU:2024-01744
DESCRIPTION: Exploit Observer has 16 entries in 3 file formats related to BDU:2024-01744. The vulnerability of the jsoup Java library for data analysis, extraction, and management in HTML documents, related to lack of protection measures for the web page structure, allowing an attacker to perform cross-site scripting attacks (XSS). Vulnerability in the jsoup Java library for data analysis, extraction, and management in HTML documents is related to lack of protection measures for the web page structure. Exploiting the vulnerability may allow a remote attacker to execute cross-site scripting attacks (XSS).
BDU:2024-01744
DESCRIPTION: Exploit Observer has 16 entries in 3 file formats related to BDU:2024-01744. The vulnerability of the jsoup Java library for data analysis, extraction, and management in HTML documents, related to lack of protection measures for the web page structure, allowing an attacker to perform cross-site scripting attacks (XSS). Vulnerability in the jsoup Java library for data analysis, extraction, and management in HTML documents is related to lack of protection measures for the web page structure. Exploiting the vulnerability may allow a remote attacker to execute cross-site scripting attacks (XSS).
#ExploitObserverAlert
CVE-2024-20292
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-20292. A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of an unencrypted registry key in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view sensitive information in clear text.
FIRST-EPSS: 0.000430000
CVE-2024-20292
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-20292. A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of an unencrypted registry key in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view sensitive information in clear text.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
EDB-51861
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51861. Lot Reservation Management System - Unauthenticated File Disclosure
EDB-51861
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51861. Lot Reservation Management System - Unauthenticated File Disclosure
#ExploitObserverAlert
MSF/auxiliary_gather/gitlab_tags_rss_feed_email_disclosure
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to MSF/auxiliary_gather/gitlab_tags_rss_feed_email_disclosure. An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It is possible to read the user email address via tags feed although the visibility in the user profile has been disabled.
MSF/auxiliary_gather/gitlab_tags_rss_feed_email_disclosure
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to MSF/auxiliary_gather/gitlab_tags_rss_feed_email_disclosure. An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It is possible to read the user email address via tags feed although the visibility in the user profile has been disabled.
#ExploitObserverAlert
CVE-2024-20336
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-20336. A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.
FIRST-EPSS: 0.000430000
CVE-2024-20336
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-20336. A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-20337
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-20337. A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.
FIRST-EPSS: 0.000430000
CVE-2024-20337
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-20337. A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
BDU:2024-01792
DESCRIPTION: Exploit Observer has 75 entries in 7 file formats related to BDU:2024-01792. TeamCity JetBrains continuous integration and delivery (CI/CD) system vulnerability related to bypassing the authentication procedure using an alternative path or channel, allowing an attacker to execute arbitrary code. Vulnerability in JetBrains TeamCity's continuous integration and delivery (CI/CD) system is related to bypassing the authentication procedure using an alternative path or channel. Exploiting the vulnerability may allow a remote attacker to execute arbitrary code with elevated privileges.
BDU:2024-01792
DESCRIPTION: Exploit Observer has 75 entries in 7 file formats related to BDU:2024-01792. TeamCity JetBrains continuous integration and delivery (CI/CD) system vulnerability related to bypassing the authentication procedure using an alternative path or channel, allowing an attacker to execute arbitrary code. Vulnerability in JetBrains TeamCity's continuous integration and delivery (CI/CD) system is related to bypassing the authentication procedure using an alternative path or channel. Exploiting the vulnerability may allow a remote attacker to execute arbitrary code with elevated privileges.
#ExploitObserverAlert
EDB-51863
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51863. CSZ CMS Version 1.3.0 - Authenticated Remote Command Execution
EDB-51863
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51863. CSZ CMS Version 1.3.0 - Authenticated Remote Command Execution
#ExploitObserverAlert
CVE-2024-20346
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-20346. A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
FIRST-EPSS: 0.000430000
CVE-2024-20346
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-20346. A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
BDU:2024-01793
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to BDU:2024-01793. Vulnerability in the functions get_system_log and get_crash_log of the logread module of the microcode software for GL.iNet A1300, AX1800, AXT1800, MT3000, MT2500, MT6000, MT1300, MT300N-V2, AR750S, AR750, AR300M, B1300 routers, allowing an attacker to execute arbitrary code. Vulnerability in the functions get_system_log and get_crash_log of the logread module of the microcode software for GL.iNet A1300, AX1800, AXT1800, MT3000, MT2500, MT6000, MT1300, MT300N-V2, AR750S, AR750, AR300M, B1300 routers exists due to the failure to neutralize special elements used in the operating system command. Exploitation of the vulnerability could allow an attacker to execute arbitrary code
BDU:2024-01793
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to BDU:2024-01793. Vulnerability in the functions get_system_log and get_crash_log of the logread module of the microcode software for GL.iNet A1300, AX1800, AXT1800, MT3000, MT2500, MT6000, MT1300, MT300N-V2, AR750S, AR750, AR300M, B1300 routers, allowing an attacker to execute arbitrary code. Vulnerability in the functions get_system_log and get_crash_log of the logread module of the microcode software for GL.iNet A1300, AX1800, AXT1800, MT3000, MT2500, MT6000, MT1300, MT300N-V2, AR750S, AR750, AR300M, B1300 routers exists due to the failure to neutralize special elements used in the operating system command. Exploitation of the vulnerability could allow an attacker to execute arbitrary code
#ExploitObserverAlert
CVE-2024-2174
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-2174. Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.000430000
CVE-2024-2174
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-2174. Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
EDB-51860
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51860. Lot Reservation Management System - Unauthenticated File Upload and Remote Code Execution
EDB-51860
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51860. Lot Reservation Management System - Unauthenticated File Upload and Remote Code Execution
#ExploitObserverAlert
CVE-2024-1931
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-1931. NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's advertised buffer size. Before removing all the EDE records however, it would try to see if trimming the extra text fields on those records would result in an acceptable size while still retaining the EDE codes. Due to an unchecked condition, the code that trims the text of the EDE records could loop indefinitely. This happens when Unbound would reply with attached EDE information on a positive reply and the client's buffer size is smaller than the needed space to include EDE records. The vulnerability can only be triggered when the 'ede: yes' option is used; non default configuration. From version 1.19.2 on, the code is fixed to avoid looping indefinitely.
CVE-2024-1931
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-1931. NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's advertised buffer size. Before removing all the EDE records however, it would try to see if trimming the extra text fields on those records would result in an acceptable size while still retaining the EDE codes. Due to an unchecked condition, the code that trims the text of the EDE records could loop indefinitely. This happens when Unbound would reply with attached EDE information on a positive reply and the client's buffer size is smaller than the needed space to include EDE records. The vulnerability can only be triggered when the 'ede: yes' option is used; non default configuration. From version 1.19.2 on, the code is fixed to avoid looping indefinitely.
#ExploitObserverAlert
WLB-2024030021
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024030021. Sandhya Branding Agency - Sql Injection.
WLB-2024030021
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024030021. Sandhya Branding Agency - Sql Injection.
#ExploitObserverAlert
PSS-177516
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to PSS-177516. Hitachi NAS SMU Backup And Restore Insecure Direct Object Reference. Hitachi NAS SMU Backup and Restore versions prior to 14.8.7825.01 suffer from an insecure direct object reference vulnerability.
PSS-177516
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to PSS-177516. Hitachi NAS SMU Backup And Restore Insecure Direct Object Reference. Hitachi NAS SMU Backup and Restore versions prior to 14.8.7825.01 suffer from an insecure direct object reference vulnerability.
#ExploitObserverAlert
EDB-51869
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51869. Ladder v0.0.21 - Server-side request forgery (SSRF)
EDB-51869
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51869. Ladder v0.0.21 - Server-side request forgery (SSRF)
#ExploitObserverAlert
WLB-2024030023
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024030023. Backdoor.Win32.Beastdoor.oq / Unauthenticated Remote Command Execution.
WLB-2024030023
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024030023. Backdoor.Win32.Beastdoor.oq / Unauthenticated Remote Command Execution.