#ExploitObserverAlert
EDB-51912
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51912. Blood Bank 1.0 - 'bid' SQLi
EDB-51912
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51912. Blood Bank 1.0 - 'bid' SQLi
#ExploitObserverAlert
WLB-2024030047
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024030047. Backdrop CMS 1.23.0 Cross Site Scripting.
WLB-2024030047
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024030047. Backdrop CMS 1.23.0 Cross Site Scripting.
#ExploitObserverAlert
EDB-51915
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51915. HNAS SMU 14.8.7825 - Information Disclosure
EDB-51915
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51915. HNAS SMU 14.8.7825 - Information Disclosure
#ExploitObserverAlert
EDB-51914
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51914. Teacher Subject Allocation Management System 1.0 - 'searchdata' SQLi
EDB-51914
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51914. Teacher Subject Allocation Management System 1.0 - 'searchdata' SQLi
#ExploitObserverAlert
WLB-2024030045
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024030045. SolarView Compact 6.00 Command Injection.
WLB-2024030045
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024030045. SolarView Compact 6.00 Command Injection.
#ExploitObserverAlert
CVE-2024-1800
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-1800. In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability.
FIRST-EPSS: 0.000430000
CVE-2024-1800
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-1800. In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-28735
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-28735. An incorrect access control issue in Unit4 Financials by Coda v.2023Q4 allows a remote attacker to escalate privileges via a crafted script to the change password function.
FIRST-EPSS: 0.000450000
CVE-2024-28735
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-28735. An incorrect access control issue in Unit4 Financials by Coda v.2023Q4 allows a remote attacker to escalate privileges via a crafted script to the change password function.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
EDB-51916
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51916. CSZCMS v1.3.0 - SQL Injection (Authenticated)
EDB-51916
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51916. CSZCMS v1.3.0 - SQL Injection (Authenticated)
#ExploitObserverAlert
BDU:2024-02624
DESCRIPTION: Exploit Observer has 18 entries in 3 file formats related to BDU:2024-02624. Vulnerability in the libtirpc package, related to an unreachable exit condition, allows an attacker to cause a denial of service. The vulnerability in the libtirpc package is related to the exhaustion of process file descriptors. Exploiting the vulnerability can allow a remote attacker to cause a denial of service.
BDU:2024-02624
DESCRIPTION: Exploit Observer has 18 entries in 3 file formats related to BDU:2024-02624. Vulnerability in the libtirpc package, related to an unreachable exit condition, allows an attacker to cause a denial of service. The vulnerability in the libtirpc package is related to the exhaustion of process file descriptors. Exploiting the vulnerability can allow a remote attacker to cause a denial of service.
#ExploitObserverAlert
BDU:2024-02643
DESCRIPTION: Exploit Observer has 11 entries in 5 file formats related to BDU:2024-02643. The vulnerability in Microsoft Edge browser for Android, related to access control flaws, allows an attacker to bypass existing security restrictions. This vulnerability in Microsoft Edge browser for Android is related to access control flaws. Exploiting the vulnerability can allow a remote attacker to bypass existing security restrictions.
BDU:2024-02643
DESCRIPTION: Exploit Observer has 11 entries in 5 file formats related to BDU:2024-02643. The vulnerability in Microsoft Edge browser for Android, related to access control flaws, allows an attacker to bypass existing security restrictions. This vulnerability in Microsoft Edge browser for Android is related to access control flaws. Exploiting the vulnerability can allow a remote attacker to bypass existing security restrictions.
#ExploitObserverAlert
BDU:2024-02578
DESCRIPTION: Exploit Observer has 15 entries in 3 file formats related to BDU:2024-02578. Vulnerability in the bgp_attr_psid_sub() function of the network routing implementation software on Unix-like systems FRRouting allows an attacker to cause a denial of service. The vulnerability in the bgp_attr_psid_sub() function of the network routing implementation software on Unix-like systems FRRouting is due to the lack of measures to neutralize special elements. Exploiting this vulnerability could enable a remote attacker to cause a denial of service.
BDU:2024-02578
DESCRIPTION: Exploit Observer has 15 entries in 3 file formats related to BDU:2024-02578. Vulnerability in the bgp_attr_psid_sub() function of the network routing implementation software on Unix-like systems FRRouting allows an attacker to cause a denial of service. The vulnerability in the bgp_attr_psid_sub() function of the network routing implementation software on Unix-like systems FRRouting is due to the lack of measures to neutralize special elements. Exploiting this vulnerability could enable a remote attacker to cause a denial of service.
#ExploitObserverAlert
BDU:2024-02591
DESCRIPTION: Exploit Observer has 11 entries in 2 file formats related to BDU:2024-02591. Vulnerability in the Moodle virtual learning environment, related to improper input neutralization during webpage creation, allows an attacker to carry out cross-site scripting (XSS) attacks. The vulnerability in the Moodle virtual learning environment is related to previewing the upload of a course containing unsafe data. Exploiting the vulnerability could allow a remote attacker to carry out cross-site scripting (XSS) attacks.
BDU:2024-02591
DESCRIPTION: Exploit Observer has 11 entries in 2 file formats related to BDU:2024-02591. Vulnerability in the Moodle virtual learning environment, related to improper input neutralization during webpage creation, allows an attacker to carry out cross-site scripting (XSS) attacks. The vulnerability in the Moodle virtual learning environment is related to previewing the upload of a course containing unsafe data. Exploiting the vulnerability could allow a remote attacker to carry out cross-site scripting (XSS) attacks.
#ExploitObserverAlert
BDU:2024-02581
DESCRIPTION: Exploit Observer has 14 entries in 3 file formats related to BDU:2024-02581. Vulnerability of the Range analysis component of the modular interface between web servers and Rack web applications, which allows an attacker to cause a denial of service. The vulnerability of the Range analysis component of the modular interface between web servers and Rack web applications is related to the processing of input data of the RFC2183 boundary, which may take an unexpected amount of time. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.
BDU:2024-02581
DESCRIPTION: Exploit Observer has 14 entries in 3 file formats related to BDU:2024-02581. Vulnerability of the Range analysis component of the modular interface between web servers and Rack web applications, which allows an attacker to cause a denial of service. The vulnerability of the Range analysis component of the modular interface between web servers and Rack web applications is related to the processing of input data of the RFC2183 boundary, which may take an unexpected amount of time. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.
#ExploitObserverAlert
BDU:2024-02572
DESCRIPTION: Exploit Observer has 9 entries in 2 file formats related to BDU:2024-02572. Vulnerability of the Grafana monitoring and observation platform related to the permission list of allowed inputs, enabling an attacker to elevate their privileges. The vulnerability of the Grafana monitoring and observation platform is associated with administrator permissions to change permissions related to organization viewing roles, organization editor, and organization administrator. Exploiting the vulnerability could allow a remote attacker to elevate their privileges.
BDU:2024-02572
DESCRIPTION: Exploit Observer has 9 entries in 2 file formats related to BDU:2024-02572. Vulnerability of the Grafana monitoring and observation platform related to the permission list of allowed inputs, enabling an attacker to elevate their privileges. The vulnerability of the Grafana monitoring and observation platform is associated with administrator permissions to change permissions related to organization viewing roles, organization editor, and organization administrator. Exploiting the vulnerability could allow a remote attacker to elevate their privileges.
#ExploitObserverAlert
BDU:2024-02642
DESCRIPTION: Exploit Observer has 12 entries in 5 file formats related to BDU:2024-02642. Vulnerability in Microsoft Edge browser, related to security bypass, allows an attacker to circumvent existing security restrictions. The vulnerability in the Microsoft Edge browser is associated with security bypass. Exploiting the vulnerability could enable a remote attacker to circumvent existing security restrictions using a specially crafted HTML page.
BDU:2024-02642
DESCRIPTION: Exploit Observer has 12 entries in 5 file formats related to BDU:2024-02642. Vulnerability in Microsoft Edge browser, related to security bypass, allows an attacker to circumvent existing security restrictions. The vulnerability in the Microsoft Edge browser is associated with security bypass. Exploiting the vulnerability could enable a remote attacker to circumvent existing security restrictions using a specially crafted HTML page.
#ExploitObserverAlert
BDU:2024-02612
DESCRIPTION: Exploit Observer has 12 entries in 3 file formats related to BDU:2024-02612. The vulnerability of the autotools component CARES_RANDOM_FILE in the C-ares asynchronous DNS request library allows an attacker to impact the integrity of protected information. The vulnerability of the autotools component CARES_RANDOM_FILE in the C-ares asynchronous DNS request library is related to the use of rand() as a fallback option, which could allow a malicious actor to exploit the lack of entropy without using CSPRNG. Exploiting the vulnerability could allow a remote attacker to impact the integrity of protected information.
BDU:2024-02612
DESCRIPTION: Exploit Observer has 12 entries in 3 file formats related to BDU:2024-02612. The vulnerability of the autotools component CARES_RANDOM_FILE in the C-ares asynchronous DNS request library allows an attacker to impact the integrity of protected information. The vulnerability of the autotools component CARES_RANDOM_FILE in the C-ares asynchronous DNS request library is related to the use of rand() as a fallback option, which could allow a malicious actor to exploit the lack of entropy without using CSPRNG. Exploiting the vulnerability could allow a remote attacker to impact the integrity of protected information.
#ExploitObserverAlert
BDU:2024-02630
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to BDU:2024-02630. Vulnerability in the Sanitize::Config::RELAXED component of the Sanitize library for the Ruby programming language allows an attacker to conduct cross-site scripting attacks. The vulnerability in the Sanitize::Config::RELAXED component of the Sanitize library for the Ruby programming language is related to a lack of protection for the structure of web pages when processing style elements. Exploiting the vulnerability could allow a remote attacker to conduct cross-site scripting attacks.
BDU:2024-02630
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to BDU:2024-02630. Vulnerability in the Sanitize::Config::RELAXED component of the Sanitize library for the Ruby programming language allows an attacker to conduct cross-site scripting attacks. The vulnerability in the Sanitize::Config::RELAXED component of the Sanitize library for the Ruby programming language is related to a lack of protection for the structure of web pages when processing style elements. Exploiting the vulnerability could allow a remote attacker to conduct cross-site scripting attacks.
#ExploitObserverAlert
BDU:2024-02604
DESCRIPTION: Exploit Observer has 14 entries in 2 file formats related to BDU:2024-02604. Vulnerability in the Apache Tomcat application server, related to incomplete cleaning of temporary or auxiliary resources, allowing an attacker to cause denial of service. The vulnerability in the Apache Tomcat application server is due to incomplete cleaning of temporary or auxiliary resources. Exploiting the vulnerability could allow an attacker, acting remotely, to cause denial of service.
BDU:2024-02604
DESCRIPTION: Exploit Observer has 14 entries in 2 file formats related to BDU:2024-02604. Vulnerability in the Apache Tomcat application server, related to incomplete cleaning of temporary or auxiliary resources, allowing an attacker to cause denial of service. The vulnerability in the Apache Tomcat application server is due to incomplete cleaning of temporary or auxiliary resources. Exploiting the vulnerability could allow an attacker, acting remotely, to cause denial of service.
#ExploitObserverAlert
BDU:2024-02583
DESCRIPTION: Exploit Observer has 22 entries in 5 file formats related to BDU:2024-02583. Vulnerability in the trim() function of the trim package allows an attacker to cause a denial of service. This vulnerability is associated with uncontrolled resource consumption. Exploiting the vulnerability could enable a remote attacker to cause a denial of service.
BDU:2024-02583
DESCRIPTION: Exploit Observer has 22 entries in 5 file formats related to BDU:2024-02583. Vulnerability in the trim() function of the trim package allows an attacker to cause a denial of service. This vulnerability is associated with uncontrolled resource consumption. Exploiting the vulnerability could enable a remote attacker to cause a denial of service.
#ExploitObserverAlert
PD/http/cves/2021/CVE-2021-46418
DESCRIPTION: Exploit Observer has 12 entries in 6 file formats related to PD/http/cves/2021/CVE-2021-46418. An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts.
PD/http/cves/2021/CVE-2021-46418
DESCRIPTION: Exploit Observer has 12 entries in 6 file formats related to PD/http/cves/2021/CVE-2021-46418. An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts.
#ExploitObserverAlert
BDU:2024-02615
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to BDU:2024-02615. The vulnerability of the Grafana monitoring and observation platform, related to improper input sanitization during webpage creation, allows attackers to carry out cross-site scripting (XSS) attacks. The vulnerability of the Grafana monitoring and observation platform is associated with the presence of SVG files that were not properly sanitized, allowing arbitrary JavaScript execution in the context of the current authenticated user of the Grafana instance. Exploiting the vulnerability could enable a remote attacker to perform cross-site scripting (XSS) attacks.
BDU:2024-02615
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to BDU:2024-02615. The vulnerability of the Grafana monitoring and observation platform, related to improper input sanitization during webpage creation, allows attackers to carry out cross-site scripting (XSS) attacks. The vulnerability of the Grafana monitoring and observation platform is associated with the presence of SVG files that were not properly sanitized, allowing arbitrary JavaScript execution in the context of the current authenticated user of the Grafana instance. Exploiting the vulnerability could enable a remote attacker to perform cross-site scripting (XSS) attacks.