#ExploitObserverAlert
BDU:2024-02148
DESCRIPTION: Exploit Observer has 9 entries in 6 file formats related to BDU:2024-02148. A vulnerability in ChatGPT-Next-Web, an AI-based web interface, stems from insufficient validation of incoming requests and allows an attacker to carry out an SSRF attack. It is associated with a lack of protective measures for the web page structure due to inadequate validation of incoming requests. Exploiting the vulnerability may allow a remote attacker to carry out an SSRF attack.
#ExploitObserverAlert
BDU:2024-02123
DESCRIPTION: Exploit Observer has 10 entries in 4 file formats related to BDU:2024-02123. A vulnerability in the ftpservlet component of the FileCatalyst Workflow file exchange software allows an attacker to execute arbitrary code. It is related to errors in processing HTTP POST requests. Exploiting this vulnerability may allow a remote attacker to execute arbitrary code by uploading specially crafted JSP files.
#ExploitObserverAlert
WLB-2024030040
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024030040. TYPO3 11.5.24 Path Traversal (Authenticated).
#ExploitObserverAlert
WLB-2024030049
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024030049. Backdoor.Win32.Emegrab.b / Remote Stack Buffer Overflow (SEH).
#ExploitObserverAlert
WLB-2024030041
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024030041. CSZCMS v1.3.0 SQL Injection (Authenticated).
#ExploitObserverAlert
MSF/exploit_linux/http/opennms_horizon_authenticated_rce
DESCRIPTION: Exploit Observer has 12 entries in 4 file formats related to MSF/exploit_linux/http/opennms_horizon_authenticated_rce. This module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as the opennms user. For versions 32.0.2 and higher, this module requires valid credentials for a user with ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST. For versions 32.0.1 and lower, credentials are required for a user with ROLE_FILESYSTEM_EDITOR, ROLE_REST, and/or ROLE_ADMIN privileges. In that case, the module will automatically escalate privileges via CVE-2023-40315 or CVE-2023-0872 if necessary. This module has been successfully tested against OpenNMS version 31.0.7.
#ExploitObserverAlert
WLB-2024030048
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024030048. vm2 3.9.19 Sandbox Escape.
#ExploitObserverAlert
EDB-51913
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51913. Simple Task List 1.0 - 'status' SQLi
#ExploitObserverAlert
WLB-2024030043
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024030043. Lektor 3.3.10 Arbitrary File upload.
#ExploitObserverAlert
WLB-2024030044
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024030044. ZoneMinder Snapshots Remote Code Execution.
#ExploitObserverAlert
WLB-2024030050
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024030050. SARMANSOFT SQL - NO-REDİRECT PoC.
#ExploitObserverAlert
EDB-51911
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51911. Employee Management System 1.0 - 'admin_id' SQLi
#ExploitObserverAlert
WLB-2024030046
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024030046. Atlassian Confluence 8.5.3 Remote Code Execution.
#ExploitObserverAlert
WLB-2024030042
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024030042. Microsoft Outlook Remote Code Execution Vulnerability.
#ExploitObserverAlert
CVE-2024-2625
DESCRIPTION: Exploit Observer has 2 entries in 1 file format related to CVE-2024-2625. Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
#ExploitObserverAlert
EDB-51912
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51912. Blood Bank 1.0 - 'bid' SQLi
#ExploitObserverAlert
WLB-2024030047
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024030047. Backdrop CMS 1.23.0 Cross Site Scripting.
#ExploitObserverAlert
EDB-51915
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51915. HNAS SMU 14.8.7825 - Information Disclosure
#ExploitObserverAlert
EDB-51914
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51914. Teacher Subject Allocation Management System 1.0 - 'searchdata' SQLi
#ExploitObserverAlert
WLB-2024030045
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024030045. SolarView Compact 6.00 Command Injection.
#ExploitObserverAlert
CVE-2024-1800
DESCRIPTION: Exploit Observer has 3 entries in 1 file format related to CVE-2024-1800. In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability.
FIRST-EPSS: 0.000430000