#ExploitObserverAlert
CVE-2024-28735
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-28735. An incorrect access control issue in Unit4 Financials by Coda v.2023Q4 allows a remote attacker to escalate privileges via a crafted script to the change password function.
FIRST-EPSS: 0.000450000
CVE-2024-28735
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-28735. An incorrect access control issue in Unit4 Financials by Coda v.2023Q4 allows a remote attacker to escalate privileges via a crafted script to the change password function.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
EDB-51916
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51916. CSZCMS v1.3.0 - SQL Injection (Authenticated)
EDB-51916
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51916. CSZCMS v1.3.0 - SQL Injection (Authenticated)
#ExploitObserverAlert
BDU:2024-02624
DESCRIPTION: Exploit Observer has 18 entries in 3 file formats related to BDU:2024-02624. Vulnerability in the libtirpc package, related to an unreachable exit condition, allows an attacker to cause a denial of service. The vulnerability in the libtirpc package is related to the exhaustion of process file descriptors. Exploiting the vulnerability can allow a remote attacker to cause a denial of service.
BDU:2024-02624
DESCRIPTION: Exploit Observer has 18 entries in 3 file formats related to BDU:2024-02624. Vulnerability in the libtirpc package, related to an unreachable exit condition, allows an attacker to cause a denial of service. The vulnerability in the libtirpc package is related to the exhaustion of process file descriptors. Exploiting the vulnerability can allow a remote attacker to cause a denial of service.
#ExploitObserverAlert
BDU:2024-02643
DESCRIPTION: Exploit Observer has 11 entries in 5 file formats related to BDU:2024-02643. The vulnerability in Microsoft Edge browser for Android, related to access control flaws, allows an attacker to bypass existing security restrictions. This vulnerability in Microsoft Edge browser for Android is related to access control flaws. Exploiting the vulnerability can allow a remote attacker to bypass existing security restrictions.
BDU:2024-02643
DESCRIPTION: Exploit Observer has 11 entries in 5 file formats related to BDU:2024-02643. The vulnerability in Microsoft Edge browser for Android, related to access control flaws, allows an attacker to bypass existing security restrictions. This vulnerability in Microsoft Edge browser for Android is related to access control flaws. Exploiting the vulnerability can allow a remote attacker to bypass existing security restrictions.
#ExploitObserverAlert
BDU:2024-02578
DESCRIPTION: Exploit Observer has 15 entries in 3 file formats related to BDU:2024-02578. Vulnerability in the bgp_attr_psid_sub() function of the network routing implementation software on Unix-like systems FRRouting allows an attacker to cause a denial of service. The vulnerability in the bgp_attr_psid_sub() function of the network routing implementation software on Unix-like systems FRRouting is due to the lack of measures to neutralize special elements. Exploiting this vulnerability could enable a remote attacker to cause a denial of service.
BDU:2024-02578
DESCRIPTION: Exploit Observer has 15 entries in 3 file formats related to BDU:2024-02578. Vulnerability in the bgp_attr_psid_sub() function of the network routing implementation software on Unix-like systems FRRouting allows an attacker to cause a denial of service. The vulnerability in the bgp_attr_psid_sub() function of the network routing implementation software on Unix-like systems FRRouting is due to the lack of measures to neutralize special elements. Exploiting this vulnerability could enable a remote attacker to cause a denial of service.
#ExploitObserverAlert
BDU:2024-02591
DESCRIPTION: Exploit Observer has 11 entries in 2 file formats related to BDU:2024-02591. Vulnerability in the Moodle virtual learning environment, related to improper input neutralization during webpage creation, allows an attacker to carry out cross-site scripting (XSS) attacks. The vulnerability in the Moodle virtual learning environment is related to previewing the upload of a course containing unsafe data. Exploiting the vulnerability could allow a remote attacker to carry out cross-site scripting (XSS) attacks.
BDU:2024-02591
DESCRIPTION: Exploit Observer has 11 entries in 2 file formats related to BDU:2024-02591. Vulnerability in the Moodle virtual learning environment, related to improper input neutralization during webpage creation, allows an attacker to carry out cross-site scripting (XSS) attacks. The vulnerability in the Moodle virtual learning environment is related to previewing the upload of a course containing unsafe data. Exploiting the vulnerability could allow a remote attacker to carry out cross-site scripting (XSS) attacks.
#ExploitObserverAlert
BDU:2024-02581
DESCRIPTION: Exploit Observer has 14 entries in 3 file formats related to BDU:2024-02581. Vulnerability of the Range analysis component of the modular interface between web servers and Rack web applications, which allows an attacker to cause a denial of service. The vulnerability of the Range analysis component of the modular interface between web servers and Rack web applications is related to the processing of input data of the RFC2183 boundary, which may take an unexpected amount of time. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.
BDU:2024-02581
DESCRIPTION: Exploit Observer has 14 entries in 3 file formats related to BDU:2024-02581. Vulnerability of the Range analysis component of the modular interface between web servers and Rack web applications, which allows an attacker to cause a denial of service. The vulnerability of the Range analysis component of the modular interface between web servers and Rack web applications is related to the processing of input data of the RFC2183 boundary, which may take an unexpected amount of time. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.
#ExploitObserverAlert
BDU:2024-02572
DESCRIPTION: Exploit Observer has 9 entries in 2 file formats related to BDU:2024-02572. Vulnerability of the Grafana monitoring and observation platform related to the permission list of allowed inputs, enabling an attacker to elevate their privileges. The vulnerability of the Grafana monitoring and observation platform is associated with administrator permissions to change permissions related to organization viewing roles, organization editor, and organization administrator. Exploiting the vulnerability could allow a remote attacker to elevate their privileges.
BDU:2024-02572
DESCRIPTION: Exploit Observer has 9 entries in 2 file formats related to BDU:2024-02572. Vulnerability of the Grafana monitoring and observation platform related to the permission list of allowed inputs, enabling an attacker to elevate their privileges. The vulnerability of the Grafana monitoring and observation platform is associated with administrator permissions to change permissions related to organization viewing roles, organization editor, and organization administrator. Exploiting the vulnerability could allow a remote attacker to elevate their privileges.
#ExploitObserverAlert
BDU:2024-02642
DESCRIPTION: Exploit Observer has 12 entries in 5 file formats related to BDU:2024-02642. Vulnerability in Microsoft Edge browser, related to security bypass, allows an attacker to circumvent existing security restrictions. The vulnerability in the Microsoft Edge browser is associated with security bypass. Exploiting the vulnerability could enable a remote attacker to circumvent existing security restrictions using a specially crafted HTML page.
BDU:2024-02642
DESCRIPTION: Exploit Observer has 12 entries in 5 file formats related to BDU:2024-02642. Vulnerability in Microsoft Edge browser, related to security bypass, allows an attacker to circumvent existing security restrictions. The vulnerability in the Microsoft Edge browser is associated with security bypass. Exploiting the vulnerability could enable a remote attacker to circumvent existing security restrictions using a specially crafted HTML page.
#ExploitObserverAlert
BDU:2024-02612
DESCRIPTION: Exploit Observer has 12 entries in 3 file formats related to BDU:2024-02612. The vulnerability of the autotools component CARES_RANDOM_FILE in the C-ares asynchronous DNS request library allows an attacker to impact the integrity of protected information. The vulnerability of the autotools component CARES_RANDOM_FILE in the C-ares asynchronous DNS request library is related to the use of rand() as a fallback option, which could allow a malicious actor to exploit the lack of entropy without using CSPRNG. Exploiting the vulnerability could allow a remote attacker to impact the integrity of protected information.
BDU:2024-02612
DESCRIPTION: Exploit Observer has 12 entries in 3 file formats related to BDU:2024-02612. The vulnerability of the autotools component CARES_RANDOM_FILE in the C-ares asynchronous DNS request library allows an attacker to impact the integrity of protected information. The vulnerability of the autotools component CARES_RANDOM_FILE in the C-ares asynchronous DNS request library is related to the use of rand() as a fallback option, which could allow a malicious actor to exploit the lack of entropy without using CSPRNG. Exploiting the vulnerability could allow a remote attacker to impact the integrity of protected information.
#ExploitObserverAlert
BDU:2024-02630
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to BDU:2024-02630. Vulnerability in the Sanitize::Config::RELAXED component of the Sanitize library for the Ruby programming language allows an attacker to conduct cross-site scripting attacks. The vulnerability in the Sanitize::Config::RELAXED component of the Sanitize library for the Ruby programming language is related to a lack of protection for the structure of web pages when processing style elements. Exploiting the vulnerability could allow a remote attacker to conduct cross-site scripting attacks.
BDU:2024-02630
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to BDU:2024-02630. Vulnerability in the Sanitize::Config::RELAXED component of the Sanitize library for the Ruby programming language allows an attacker to conduct cross-site scripting attacks. The vulnerability in the Sanitize::Config::RELAXED component of the Sanitize library for the Ruby programming language is related to a lack of protection for the structure of web pages when processing style elements. Exploiting the vulnerability could allow a remote attacker to conduct cross-site scripting attacks.
#ExploitObserverAlert
BDU:2024-02604
DESCRIPTION: Exploit Observer has 14 entries in 2 file formats related to BDU:2024-02604. Vulnerability in the Apache Tomcat application server, related to incomplete cleaning of temporary or auxiliary resources, allowing an attacker to cause denial of service. The vulnerability in the Apache Tomcat application server is due to incomplete cleaning of temporary or auxiliary resources. Exploiting the vulnerability could allow an attacker, acting remotely, to cause denial of service.
BDU:2024-02604
DESCRIPTION: Exploit Observer has 14 entries in 2 file formats related to BDU:2024-02604. Vulnerability in the Apache Tomcat application server, related to incomplete cleaning of temporary or auxiliary resources, allowing an attacker to cause denial of service. The vulnerability in the Apache Tomcat application server is due to incomplete cleaning of temporary or auxiliary resources. Exploiting the vulnerability could allow an attacker, acting remotely, to cause denial of service.
#ExploitObserverAlert
BDU:2024-02583
DESCRIPTION: Exploit Observer has 22 entries in 5 file formats related to BDU:2024-02583. Vulnerability in the trim() function of the trim package allows an attacker to cause a denial of service. This vulnerability is associated with uncontrolled resource consumption. Exploiting the vulnerability could enable a remote attacker to cause a denial of service.
BDU:2024-02583
DESCRIPTION: Exploit Observer has 22 entries in 5 file formats related to BDU:2024-02583. Vulnerability in the trim() function of the trim package allows an attacker to cause a denial of service. This vulnerability is associated with uncontrolled resource consumption. Exploiting the vulnerability could enable a remote attacker to cause a denial of service.
#ExploitObserverAlert
PD/http/cves/2021/CVE-2021-46418
DESCRIPTION: Exploit Observer has 12 entries in 6 file formats related to PD/http/cves/2021/CVE-2021-46418. An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts.
PD/http/cves/2021/CVE-2021-46418
DESCRIPTION: Exploit Observer has 12 entries in 6 file formats related to PD/http/cves/2021/CVE-2021-46418. An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts.
#ExploitObserverAlert
BDU:2024-02615
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to BDU:2024-02615. The vulnerability of the Grafana monitoring and observation platform, related to improper input sanitization during webpage creation, allows attackers to carry out cross-site scripting (XSS) attacks. The vulnerability of the Grafana monitoring and observation platform is associated with the presence of SVG files that were not properly sanitized, allowing arbitrary JavaScript execution in the context of the current authenticated user of the Grafana instance. Exploiting the vulnerability could enable a remote attacker to perform cross-site scripting (XSS) attacks.
BDU:2024-02615
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to BDU:2024-02615. The vulnerability of the Grafana monitoring and observation platform, related to improper input sanitization during webpage creation, allows attackers to carry out cross-site scripting (XSS) attacks. The vulnerability of the Grafana monitoring and observation platform is associated with the presence of SVG files that were not properly sanitized, allowing arbitrary JavaScript execution in the context of the current authenticated user of the Grafana instance. Exploiting the vulnerability could enable a remote attacker to perform cross-site scripting (XSS) attacks.
#ExploitObserverAlert
BDU:2024-02574
DESCRIPTION: Exploit Observer has 13 entries in 2 file formats related to BDU:2024-02574. Software vulnerability in OpenVPN related to the use of memory after it has been freed, allowing an attacker to cause a denial of service. The software vulnerability in OpenVPN is related to using memory after it has been freed. Exploiting the vulnerability could enable a remote attacker to cause a denial of service.
BDU:2024-02574
DESCRIPTION: Exploit Observer has 13 entries in 2 file formats related to BDU:2024-02574. Software vulnerability in OpenVPN related to the use of memory after it has been freed, allowing an attacker to cause a denial of service. The software vulnerability in OpenVPN is related to using memory after it has been freed. Exploiting the vulnerability could enable a remote attacker to cause a denial of service.
#ExploitObserverAlert
BDU:2024-02596
DESCRIPTION: Exploit Observer has 14 entries in 4 file formats related to BDU:2024-02596. The vulnerability of the Grafana monitoring and observation platform, related to the disclosure of confidential information to an unauthorized entity, allows an attacker to expose protected information. The vulnerability of the Grafana monitoring and observation platform is linked to the forwarding of the OAuth identifier of the user who last logged into the system. Exploiting the vulnerability could allow a remote attacker to uncover protected information.
BDU:2024-02596
DESCRIPTION: Exploit Observer has 14 entries in 4 file formats related to BDU:2024-02596. The vulnerability of the Grafana monitoring and observation platform, related to the disclosure of confidential information to an unauthorized entity, allows an attacker to expose protected information. The vulnerability of the Grafana monitoring and observation platform is linked to the forwarding of the OAuth identifier of the user who last logged into the system. Exploiting the vulnerability could allow a remote attacker to uncover protected information.
#ExploitObserverAlert
BDU:2024-02582
DESCRIPTION: Exploit Observer has 9 entries in 2 file formats related to BDU:2024-02582. A vulnerability in the modular interface between Rack web servers and web applications is related to the inefficient complexity of regular expressions, allowing an attacker to cause a denial of service. The vulnerability in the modular interface between Rack web servers and web applications is linked to input data processing, which could take an unexpected amount of time. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.
BDU:2024-02582
DESCRIPTION: Exploit Observer has 9 entries in 2 file formats related to BDU:2024-02582. A vulnerability in the modular interface between Rack web servers and web applications is related to the inefficient complexity of regular expressions, allowing an attacker to cause a denial of service. The vulnerability in the modular interface between Rack web servers and web applications is linked to input data processing, which could take an unexpected amount of time. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.
#ExploitObserverAlert
BDU:2024-02592
DESCRIPTION: Exploit Observer has 11 entries in 2 file formats related to BDU:2024-02592. Vulnerability in the virtual learning environment Moodle, related to the exposure of confidential information to an unauthorized entity, allowing the intruder to gain unauthorized access to protected information. The vulnerability of the Moodle virtual learning environment is related to the absence of restricting the mode of separate groups in a summary report of the forum, which displayed users from other groups. Exploiting the vulnerability could allow a remote intruder to gain unauthorized access to protected information.
BDU:2024-02592
DESCRIPTION: Exploit Observer has 11 entries in 2 file formats related to BDU:2024-02592. Vulnerability in the virtual learning environment Moodle, related to the exposure of confidential information to an unauthorized entity, allowing the intruder to gain unauthorized access to protected information. The vulnerability of the Moodle virtual learning environment is related to the absence of restricting the mode of separate groups in a summary report of the forum, which displayed users from other groups. Exploiting the vulnerability could allow a remote intruder to gain unauthorized access to protected information.
#ExploitObserverAlert
BDU:2024-02625
DESCRIPTION: Exploit Observer has 12 entries in 3 file formats related to BDU:2024-02625. The vulnerability in the Vorbis-tools package, related to the possibility of writing beyond the memory buffer, allows an attacker to trigger a denial of service or execute arbitrary code. The vulnerability in the Vorbis-tools package is associated with the potential for writing beyond the memory buffer when converting WAV files to OGG files. Exploiting the vulnerability could allow an attacker to trigger a denial of service or execute arbitrary code.
BDU:2024-02625
DESCRIPTION: Exploit Observer has 12 entries in 3 file formats related to BDU:2024-02625. The vulnerability in the Vorbis-tools package, related to the possibility of writing beyond the memory buffer, allows an attacker to trigger a denial of service or execute arbitrary code. The vulnerability in the Vorbis-tools package is associated with the potential for writing beyond the memory buffer when converting WAV files to OGG files. Exploiting the vulnerability could allow an attacker to trigger a denial of service or execute arbitrary code.
#ExploitObserverAlert
BDU:2024-02579
DESCRIPTION: Exploit Observer has 13 entries in 3 file formats related to BDU:2024-02579. Vulnerability in the Range header analysis component of the modular interface between web servers and Rack web applications allows an attacker to cause a denial of service. The vulnerability in the Range header analysis component of the modular interface between web servers and Rack web applications is related to the processing of input data, which may take an unexpected amount of time. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.
BDU:2024-02579
DESCRIPTION: Exploit Observer has 13 entries in 3 file formats related to BDU:2024-02579. Vulnerability in the Range header analysis component of the modular interface between web servers and Rack web applications allows an attacker to cause a denial of service. The vulnerability in the Range header analysis component of the modular interface between web servers and Rack web applications is related to the processing of input data, which may take an unexpected amount of time. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.