#ExploitObserverAlert
WLB-2024030026
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024030026. OSGi 3.18 Remote Code Execution.
#ExploitObserverAlert
MSF/exploit_multi/http/jetbrains_teamcity_rce_cve_2024_27198
DESCRIPTION: Exploit Observer has 207 entries in 10 file formats related to MSF/exploit_multi/http/jetbrains_teamcity_rce_cve_2024_27198. This module exploits an authentication bypass vulnerability in JetBrains TeamCity. An unauthenticated attacker can leverage this to access the REST API and create a new administrator access token. This token can be used to upload a plugin which contains a Metasploit payload, allowing the attacker to achieve unauthenticated RCE on the target TeamCity server. On older versions of TeamCity, access tokens do not exist, so the exploit will instead create a new administrator account before uploading a plugin. Older versions of TeamCity have a debug endpoint (/app/rest/debug/process) that allows for arbitrary commands to be executed; however, recent versions of TeamCity no longer ship this endpoint, which is why a plugin is leveraged for code execution instead, as this is supported on all versions tested.
#ExploitObserverAlert
WLB-2024030027
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024030027. MSMS-PHP (by: oretnom23) v1.0 File Upload - RCE browser using.
#ExploitObserverAlert
WLB-2024030029
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024030029. Human Resource Management System 1.0 SQL Injection.
#ExploitObserverAlert
WLB-2024030030
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024030030. SnipeIT 6.2.1 Stored Cross Site Scripting.
#ExploitObserverAlert
WLB-2024030028
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024030028. MSMS-PHP (by: oretnom23 - 2024) v1.0 Multiple-SQLi.
#ExploitObserverAlert
CVE-2024-20327
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-20327. A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of malformed PPPoE packets that are received on a router that is running Broadband Network Gateway (BNG) functionality with PPPoE termination on a Lightspeed-based or Lightspeed-Plus-based line card. An attacker could exploit this vulnerability by sending a crafted PPPoE packet to an affected line card interface that does not terminate PPPoE. A successful exploit could allow the attacker to crash the ppp_ma process, resulting in a DoS condition for PPPoE traffic across the router.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-25228
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-25228. Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in ManoeuvreHandler.class.php.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
EDB-51884
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51884. JetBrains TeamCity 2023.05.3 - Remote Code Execution (RCE)
#ExploitObserverAlert
EDB-51892
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51892. KiTTY 0.76.1.13 - Command Injection
#ExploitObserverAlert
EDB-51890
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51890. KiTTY 0.76.1.13 - 'Start Duplicated Session Hostname' Buffer Overflow
#ExploitObserverAlert
EDB-51887
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51887. Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution (RCE)
#ExploitObserverAlert
PD/http/cves/2024/CVE-2024-1698
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to PD/http/cves/2024/CVE-2024-1698. The NotificationX - Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
#ExploitObserverAlert
EDB-51888
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51888. Ruijie Switch PSG-5124 26293 - Remote Code Execution (RCE)
#ExploitObserverAlert
EDB-51886
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51886. SolarView Compact 6.00 - Command Injection
#ExploitObserverAlert
EDB-51891
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51891. KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow
#ExploitObserverAlert
GHSA-gvpg-vgmx-xg6w
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to GHSA-gvpg-vgmx-xg6w. Denial of Service in Connect2id Nimbus JOSE+JWT
#ExploitObserverAlert
BDU:2024-02014
DESCRIPTION: Exploit Observer has 27 entries in 8 file formats related to BDU:2024-02014. The vulnerability of the JetBrains TeamCity continuous integration and delivery system (CI/CD) is related to bypassing the authentication procedure by using an alternative path or channel, allowing an attacker to perform arbitrary actions. Exploiting this vulnerability can enable a remote attacker to execute arbitrary actions by bypassing the authentication procedure in the JetBrains TeamCity continuous integration and delivery system (CI/CD) using an alternative path or channel.
#ExploitObserverAlert
BDU:2024-01953
DESCRIPTION: Exploit Observer has 10 entries in 4 file formats related to BDU:2024-01953. Vulnerability of the panorama.pm component in the monitoring console web interface for Naemon, Nagios, Icinga and Shinken THRUK, allowing an attacker to upload arbitrary files. The vulnerability of the panorama.pm component in the web interface of the monitoring console for Naemon, Nagios, Icinga and Shinken THRUK is related to the incorrect restriction of the directory path name with limited access. Exploiting the vulnerability could allow a remote attacker to upload arbitrary files.
#ExploitObserverAlert
CVE-2024-26475
DESCRIPTION: Exploit Observer has 36 entries in 5 file formats related to CVE-2024-26475. An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-2193
DESCRIPTION: Exploit Observer has 48 entries in 5 file formats related to CVE-2024-2193. A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.