#ExploitObserverAlert
CVE-2024-21511
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-21511. Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.7131285
CVE-2024-21511
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-21511. Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.7131285
#ExploitObserverAlert
CVE-2024-21511
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-21511. Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.7131285
CVE-2024-21511
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-21511. Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.7131285
#ExploitObserverAlert
CVE-2017-6929
DESCRIPTION: Exploit Observer has 13 entries in 3 file formats related to CVE-2017-6929. A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal core upgrade to jQuery 3. For Drupal 7, it is fixed in the current release (Drupal 7.57) for jQuery 1.4.4 (the version that ships with Drupal 7 core) as well as for other newer versions of jQuery that might be used on the site, for example using the jQuery Update module.
FIRST-EPSS: 0.002670000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.7765482
CVE-2017-6929
DESCRIPTION: Exploit Observer has 13 entries in 3 file formats related to CVE-2017-6929. A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal core upgrade to jQuery 3. For Drupal 7, it is fixed in the current release (Drupal 7.57) for jQuery 1.4.4 (the version that ships with Drupal 7 core) as well as for other newer versions of jQuery that might be used on the site, for example using the jQuery Update module.
FIRST-EPSS: 0.002670000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.7765482
#ExploitObserverAlert
CVE-2021-20282
DESCRIPTION: Exploit Observer has 16 entries in 3 file formats related to CVE-2021-20282. When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
FIRST-EPSS: 0.001570000
NVD-IS: 1.4
NVD-ES: 3.9
ARPS-PRIORITY: 0.7702185
CVE-2021-20282
DESCRIPTION: Exploit Observer has 16 entries in 3 file formats related to CVE-2021-20282. When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
FIRST-EPSS: 0.001570000
NVD-IS: 1.4
NVD-ES: 3.9
ARPS-PRIORITY: 0.7702185
#ExploitObserverAlert
CVE-2023-40547
DESCRIPTION: Exploit Observer has 2078 entries in 42 file formats related to CVE-2023-40547. A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
FIRST-EPSS: 0.005410000
NVD-IS: 6.0
NVD-ES: 1.6
ARPS-PRIORITY: 0.9632835
CVE-2023-40547
DESCRIPTION: Exploit Observer has 2078 entries in 42 file formats related to CVE-2023-40547. A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
FIRST-EPSS: 0.005410000
NVD-IS: 6.0
NVD-ES: 1.6
ARPS-PRIORITY: 0.9632835
#ExploitObserverAlert
CVE-2021-40695
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2021-40695. It was possible for a student to view their quiz grade before it had been released, using a quiz web service.
FIRST-EPSS: 0.000540000
NVD-IS: 1.4
NVD-ES: 2.8
ARPS-PRIORITY: 0.7712735
CVE-2021-40695
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2021-40695. It was possible for a student to view their quiz grade before it had been released, using a quiz web service.
FIRST-EPSS: 0.000540000
NVD-IS: 1.4
NVD-ES: 2.8
ARPS-PRIORITY: 0.7712735
#ExploitObserverAlert
CVE-2018-7602
DESCRIPTION: Exploit Observer has 309 entries in 19 file formats related to CVE-2018-7602. A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.
FIRST-EPSS: 0.974550000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-PRIORITY: 0.9656657
CVE-2018-7602
DESCRIPTION: Exploit Observer has 309 entries in 19 file formats related to CVE-2018-7602. A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.
FIRST-EPSS: 0.974550000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-PRIORITY: 0.9656657
#ExploitObserverAlert
CVE-2020-28838
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to CVE-2020-28838. Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attacker to add cart items via Add to cart.
FIRST-EPSS: 0.000670000
NVD-IS: 1.4
NVD-ES: 2.1
ARPS-PRIORITY: 0.8656445
CVE-2020-28838
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to CVE-2020-28838. Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attacker to add cart items via Add to cart.
FIRST-EPSS: 0.000670000
NVD-IS: 1.4
NVD-ES: 2.1
ARPS-PRIORITY: 0.8656445
#ExploitObserverAlert
CVE-2018-1133
DESCRIPTION: Exploit Observer has 19 entries in 5 file formats related to CVE-2018-1133. An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.
FIRST-EPSS: 0.864060000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.862425
CVE-2018-1133
DESCRIPTION: Exploit Observer has 19 entries in 5 file formats related to CVE-2018-1133. An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.
FIRST-EPSS: 0.864060000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.862425
#ExploitObserverAlert
CVE-2019-10874
DESCRIPTION: Exploit Observer has 11 entries in 3 file formats related to CVE-2019-10874. Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file.
FIRST-EPSS: 0.055500000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.8750708
CVE-2019-10874
DESCRIPTION: Exploit Observer has 11 entries in 3 file formats related to CVE-2019-10874. Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file.
FIRST-EPSS: 0.055500000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.8750708
#ExploitObserverAlert
CVE-2024-31804
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2024-31804. An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local attacker to escalate privileges via the Program.exe component.
FIRST-EPSS: 0.000840000
ARPS-PRIORITY: 0.8610423
CVE-2024-31804
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2024-31804. An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local attacker to escalate privileges via the Program.exe component.
FIRST-EPSS: 0.000840000
ARPS-PRIORITY: 0.8610423
#ExploitObserverAlert
PD/http/vulnerabilities/titan/titannit-web-ssrf
DESCRIPTION: Exploit Observer has 4 entries in 4 file formats related to PD/http/vulnerabilities/titan/titannit-web-ssrf. The vulnerability in the device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application,allowing the attacker to gain root access.
ARPS-PRIORITY: 0.9513637
PD/http/vulnerabilities/titan/titannit-web-ssrf
DESCRIPTION: Exploit Observer has 4 entries in 4 file formats related to PD/http/vulnerabilities/titan/titannit-web-ssrf. The vulnerability in the device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application,allowing the attacker to gain root access.
ARPS-PRIORITY: 0.9513637
#ExploitObserverAlert
CVE-2023-31446
DESCRIPTION: Exploit Observer has 10 entries in 5 file formats related to CVE-2023-31446. In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.
FIRST-EPSS: 0.019820000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-PRIORITY: 0.9521352
CVE-2023-31446
DESCRIPTION: Exploit Observer has 10 entries in 5 file formats related to CVE-2023-31446. In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.
FIRST-EPSS: 0.019820000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-PRIORITY: 0.9521352
#ExploitObserverAlert
CVE-2018-7274
DESCRIPTION: Exploit Observer has 12 entries in 4 file formats related to CVE-2018-7274. Yab Quarx through 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus (Name).
FIRST-EPSS: 0.000590000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.8612864
CVE-2018-7274
DESCRIPTION: Exploit Observer has 12 entries in 4 file formats related to CVE-2018-7274. Yab Quarx through 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus (Name).
FIRST-EPSS: 0.000590000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.8612864
#ExploitObserverAlert
CVE-2023-4973
DESCRIPTION: Exploit Observer has 11 entries in 4 file formats related to CVE-2023-4973. A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument searched_word/searched_tution_class_type[]/searched_price_type[]/searched_duration[] leads to cross site scripting. The attack can be launched remotely. The identifier VDB-239749 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.002350000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.9609252
CVE-2023-4973
DESCRIPTION: Exploit Observer has 11 entries in 4 file formats related to CVE-2023-4973. A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument searched_word/searched_tution_class_type[]/searched_price_type[]/searched_duration[] leads to cross site scripting. The attack can be launched remotely. The identifier VDB-239749 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.002350000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.9609252
#ExploitObserverAlert
CVE-2023-50386
DESCRIPTION: Exploit Observer has 20 entries in 6 file formats related to CVE-2023-50386. Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups). If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted. When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. In these versions, the following protections have been added: * Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader. * The Backup API restricts saving backups to directories that are used in the ClassLoader.
FIRST-EPSS: 0.872420000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.9796416
CVE-2023-50386
DESCRIPTION: Exploit Observer has 20 entries in 6 file formats related to CVE-2023-50386. Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups). If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted. When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. In these versions, the following protections have been added: * Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader. * The Backup API restricts saving backups to directories that are used in the ClassLoader.
FIRST-EPSS: 0.872420000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.9796416
#ExploitObserverAlert
CVE-2024-24786
DESCRIPTION: Exploit Observer has 504 entries in 33 file formats related to CVE-2024-24786. The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.9738394
CVE-2024-24786
DESCRIPTION: Exploit Observer has 504 entries in 33 file formats related to CVE-2024-24786. The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.9738394
#ExploitObserverAlert
CVE-2016-9187
DESCRIPTION: Exploit Observer has 19 entries in 3 file formats related to CVE-2016-9187. Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.
FIRST-EPSS: 0.004130000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.8724231
CVE-2016-9187
DESCRIPTION: Exploit Observer has 19 entries in 3 file formats related to CVE-2016-9187. Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.
FIRST-EPSS: 0.004130000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.8724231
#ExploitObserverAlert
CVE-2019-10169
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2019-10169. A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running application.
FIRST-EPSS: 0.000880000
NVD-IS: 5.9
NVD-ES: 1.2
ARPS-PRIORITY: 0.7710746
CVE-2019-10169
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2019-10169. A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running application.
FIRST-EPSS: 0.000880000
NVD-IS: 5.9
NVD-ES: 1.2
ARPS-PRIORITY: 0.7710746
#ExploitObserverAlert
CVE-2024-21511
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to CVE-2024-21511. Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.757628
CVE-2024-21511
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to CVE-2024-21511. Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.757628
#ExploitObserverAlert
CVE-2020-29470
DESCRIPTION: Exploit Observer has 8 entries in 4 file formats related to CVE-2020-29470. OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. This vulnerability can allow an attacker to inject the XSS payload in the Subject field of the mail and each time any user will open that mail of the website, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.
FIRST-EPSS: 0.000910000
NVD-IS: 2.7
NVD-ES: 1.7
ARPS-PRIORITY: 0.8643997
CVE-2020-29470
DESCRIPTION: Exploit Observer has 8 entries in 4 file formats related to CVE-2020-29470. OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. This vulnerability can allow an attacker to inject the XSS payload in the Subject field of the mail and each time any user will open that mail of the website, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.
FIRST-EPSS: 0.000910000
NVD-IS: 2.7
NVD-ES: 1.7
ARPS-PRIORITY: 0.8643997