#ExploitObserverAlert
CVE-2023-47534
DESCRIPTION: Exploit Observer has 3 entries in 1 file format related to CVE-2023-47534. An improper neutralization of formula elements in a CSV file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8 allows an attacker to execute unauthorized code or commands via specially crafted packets.
#ExploitObserverAlert
BDU:2023-07691
DESCRIPTION: Exploit Observer has 28 entries in 10 file formats related to BDU:2023-07691. Vulnerability in the functions EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2(), EVP_CipherInit_ex2() of the OpenSSL cryptographic library, allowing an attacker to cause a denial of service. The vulnerability in the functions EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2(), EVP_CipherInit_ex2() of the OpenSSL cryptographic library is related to manipulation of the keylen/ivlen argument. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.
#ExploitObserverAlert
EDB-51877
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51877. Human Resource Management System 1.0 - 'employeeid' SQL Injection
#ExploitObserverAlert
CVE-2023-42789
DESCRIPTION: Exploit Observer has 3 entries in 1 file format related to CVE-2023-42789. An out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.
#ExploitObserverAlert
CVE-2024-21334
DESCRIPTION: Exploit Observer has 3 entries in 1 file format related to CVE-2024-21334. Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-48788
DESCRIPTION: Exploit Observer has 3 entries in 1 file format related to CVE-2023-48788. An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted packets.
#ExploitObserverAlert
CVE-2024-23112
DESCRIPTION: Exploit Observer has 3 entries in 1 file format related to CVE-2024-23112. An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticated attacker to gain access to another user’s bookmark via URL manipulation.
#ExploitObserverAlert
EDB-51883
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51883. SnipeIT 6.2.1 - Stored Cross Site Scripting
#ExploitObserverAlert
EDB-51880
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51880. Client Details System 1.0 - SQL Injection
#ExploitObserverAlert
EDB-51882
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51882. VMware Cloud Director 10.5 - Bypass identity verification
#ExploitObserverAlert
CVE-2023-42790
DESCRIPTION: Exploit Observer has 3 entries in 1 file format related to CVE-2023-42790. A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
EDB-51878
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51878. OSGi v3.8-3.18 Console - RCE
#ExploitObserverAlert
SSVID-99817
DESCRIPTION: Exploit Observer has 15 entries in 2 file formats related to SSVID-99817.
#ExploitObserverAlert
EDB-51879
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51879. OSGi v3.7.2 (and below) Console - RCE
#ExploitObserverAlert
BDU:2024-01908
DESCRIPTION: Exploit Observer has 13 entries in 3 file formats related to BDU:2024-01908. Vulnerability of the coders/tiff.c component of the ImageMagick console graphics editor, allowing an attacker to cause a denial of service. Vulnerability of the coders/tiff.c component of the ImageMagick console graphics editor is related to buffer overflow. Exploiting the vulnerability could allow an attacker to cause a denial of service.
#ExploitObserverAlert
BDU:2024-01900
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to BDU:2024-01900. Vulnerability of the Magick::Draw function of the command-line graphics editor ImageMagick, allowing an attacker to cause a denial of service. Vulnerability of the Magick::Draw function of the command-line graphics editor ImageMagick is related to memory release errors. Exploiting the vulnerability can allow an attacker to cause a denial of service.
#ExploitObserverAlert
GHSA-8r3f-844c-mc37
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to GHSA-8r3f-844c-mc37. Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
#ExploitObserverAlert
CVE-2024-1234
DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to CVE-2024-1234. The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via data attribute in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
SSVID-99817
DESCRIPTION: Exploit Observer has 15 entries in 2 file formats related to SSVID-99817. SolarWinds Security Event Manager AMF deserialization RCE (CVE-2024-0692)
#ExploitObserverAlert
CVE-2024-1071
DESCRIPTION: Exploit Observer has 12 entries in 7 file formats related to CVE-2024-1071. The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
FIRST-EPSS: 0.000630000
#ExploitObserverAlert
WLB-2024030026
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024030026. OSGi 3.18 Remote Code Execution.