#ExploitObserverAlert
CVE-2018-11564
DESCRIPTION: Exploit Observer has 11 entries in 4 file formats related to CVE-2018-11564. Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/poc.svg" that will point to http://localhost/pagekit/storage/poc.svg. When a user comes along to click that link, it will trigger a XSS attack.
FIRST-EPSS: 0.001790000
NVD-IS: 2.7
NVD-ES: 1.7
ARPS-PRIORITY: 0.8538082
CVE-2018-11564
DESCRIPTION: Exploit Observer has 11 entries in 4 file formats related to CVE-2018-11564. Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/poc.svg" that will point to http://localhost/pagekit/storage/poc.svg. When a user comes along to click that link, it will trigger a XSS attack.
FIRST-EPSS: 0.001790000
NVD-IS: 2.7
NVD-ES: 1.7
ARPS-PRIORITY: 0.8538082
#ExploitObserverAlert
CVE-2022-3798
DESCRIPTION: Exploit Observer has 7 entries in 3 file formats related to CVE-2022-3798. A vulnerability classified as critical has been found in IBAX go-ibax. Affected is an unknown function of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212634 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000930000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.9586814
CVE-2022-3798
DESCRIPTION: Exploit Observer has 7 entries in 3 file formats related to CVE-2022-3798. A vulnerability classified as critical has been found in IBAX go-ibax. Affected is an unknown function of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212634 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000930000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.9586814
#ExploitObserverAlert
CVE-2020-12478
DESCRIPTION: Exploit Observer has 13 entries in 6 file formats related to CVE-2020-12478. TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files.
FIRST-EPSS: 0.014960000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-PRIORITY: 0.960217
CVE-2020-12478
DESCRIPTION: Exploit Observer has 13 entries in 6 file formats related to CVE-2020-12478. TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files.
FIRST-EPSS: 0.014960000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-PRIORITY: 0.960217
#ExploitObserverAlert
CVE-2018-12613
DESCRIPTION: Exploit Observer has 73 entries in 16 file formats related to CVE-2018-12613. An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).
FIRST-EPSS: 0.974070000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.976755
CVE-2018-12613
DESCRIPTION: Exploit Observer has 73 entries in 16 file formats related to CVE-2018-12613. An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).
FIRST-EPSS: 0.974070000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.976755
#ExploitObserverAlert
CVE-2022-3801
DESCRIPTION: Exploit Observer has 7 entries in 3 file formats related to CVE-2022-3801. A vulnerability, which was classified as critical, was found in IBAX go-ibax. This affects an unknown part of the file /api/v2/open/rowsInfo. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212637 was assigned to this vulnerability.
FIRST-EPSS: 0.000930000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.9586814
CVE-2022-3801
DESCRIPTION: Exploit Observer has 7 entries in 3 file formats related to CVE-2022-3801. A vulnerability, which was classified as critical, was found in IBAX go-ibax. This affects an unknown part of the file /api/v2/open/rowsInfo. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212637 was assigned to this vulnerability.
FIRST-EPSS: 0.000930000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.9586814
#ExploitObserverAlert
CVE-2020-13155
DESCRIPTION: Exploit Observer has 8 entries in 4 file formats related to CVE-2020-13155. clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI.
FIRST-EPSS: 0.002170000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.851574
CVE-2020-13155
DESCRIPTION: Exploit Observer has 8 entries in 4 file formats related to CVE-2020-13155. clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI.
FIRST-EPSS: 0.002170000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.851574
#ExploitObserverAlert
WLB-2024040062
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024040062. Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution.
ARPS-PRIORITY: 0.8504802
WLB-2024040062
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024040062. Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution.
ARPS-PRIORITY: 0.8504802
#ExploitObserverAlert
CVE-2020-35136
DESCRIPTION: Exploit Observer has 11 entries in 4 file formats related to CVE-2020-35136. Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php.
FIRST-EPSS: 0.041880000
NVD-IS: 5.9
NVD-ES: 1.2
ARPS-PRIORITY: 0.7686529
CVE-2020-35136
DESCRIPTION: Exploit Observer has 11 entries in 4 file formats related to CVE-2020-35136. Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php.
FIRST-EPSS: 0.041880000
NVD-IS: 5.9
NVD-ES: 1.2
ARPS-PRIORITY: 0.7686529
#ExploitObserverAlert
CVE-2017-5594
DESCRIPTION: Exploit Observer has 11 entries in 6 file formats related to CVE-2017-5594. An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.
FIRST-EPSS: 0.026670000
NVD-IS: 5.9
NVD-ES: 1.6
ARPS-PRIORITY: 0.8642072
CVE-2017-5594
DESCRIPTION: Exploit Observer has 11 entries in 6 file formats related to CVE-2017-5594. An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.
FIRST-EPSS: 0.026670000
NVD-IS: 5.9
NVD-ES: 1.6
ARPS-PRIORITY: 0.8642072
#ExploitObserverAlert
CVE-2022-3799
DESCRIPTION: Exploit Observer has 7 entries in 3 file formats related to CVE-2022-3799. A vulnerability classified as critical was found in IBAX go-ibax. Affected by this vulnerability is an unknown functionality of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212635.
FIRST-EPSS: 0.000930000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.9586814
CVE-2022-3799
DESCRIPTION: Exploit Observer has 7 entries in 3 file formats related to CVE-2022-3799. A vulnerability classified as critical was found in IBAX go-ibax. Affected by this vulnerability is an unknown functionality of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212635.
FIRST-EPSS: 0.000930000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.9586814
#ExploitObserverAlert
CVE-2022-3800
DESCRIPTION: Exploit Observer has 9 entries in 5 file formats related to CVE-2022-3800. A vulnerability, which was classified as critical, has been found in IBAX go-ibax. Affected by this issue is some unknown functionality of the file /api/v2/open/rowsInfo. The manipulation of the argument table_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212636.
FIRST-EPSS: 0.051700000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.9781971
CVE-2022-3800
DESCRIPTION: Exploit Observer has 9 entries in 5 file formats related to CVE-2022-3800. A vulnerability, which was classified as critical, has been found in IBAX go-ibax. Affected by this issue is some unknown functionality of the file /api/v2/open/rowsInfo. The manipulation of the argument table_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212636.
FIRST-EPSS: 0.051700000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.9781971
#ExploitObserverAlert
CVE-2020-13156
DESCRIPTION: Exploit Observer has 8 entries in 4 file formats related to CVE-2020-13156. modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI.
FIRST-EPSS: 0.001070000
NVD-IS: 3.6
NVD-ES: 2.8
ARPS-PRIORITY: 0.851574
CVE-2020-13156
DESCRIPTION: Exploit Observer has 8 entries in 4 file formats related to CVE-2020-13156. modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI.
FIRST-EPSS: 0.001070000
NVD-IS: 3.6
NVD-ES: 2.8
ARPS-PRIORITY: 0.851574
#ExploitObserverAlert
CVE-2024-24785
DESCRIPTION: Exploit Observer has 13 entries in 4 file formats related to CVE-2024-24785. If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.770344
CVE-2024-24785
DESCRIPTION: Exploit Observer has 13 entries in 4 file formats related to CVE-2024-24785. If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.770344
#ExploitObserverAlert
CVE-2024-28847
DESCRIPTION: Exploit Observer has 9 entries in 5 file formats related to CVE-2024-28847. OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, `AlertUtil::validateExpression` is also called from `EventSubscriptionRepository.prepare()`, which can lead to Remote Code Execution. `prepare()` is called from `EntityRepository.prepareInternal()` which, in turn, gets called from `EntityResource.createOrUpdate()`. Note that, even though there is an authorization check (`authorizer.authorize()`), it gets called after `prepareInternal()` gets called and, therefore, after the SpEL expression has been evaluated. In order to reach this method, an attacker can send a PUT request to `/api/v1/events/subscriptions` which gets handled by `EventSubscriptionResource.createOrUpdateEventSubscription()`. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query. This issue may lead to Remote Code Execution and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-251`.
FIRST-EPSS: 0.000440000
ARPS-PRIORITY: 0.7553561
CVE-2024-28847
DESCRIPTION: Exploit Observer has 9 entries in 5 file formats related to CVE-2024-28847. OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, `AlertUtil::validateExpression` is also called from `EventSubscriptionRepository.prepare()`, which can lead to Remote Code Execution. `prepare()` is called from `EntityRepository.prepareInternal()` which, in turn, gets called from `EntityResource.createOrUpdate()`. Note that, even though there is an authorization check (`authorizer.authorize()`), it gets called after `prepareInternal()` gets called and, therefore, after the SpEL expression has been evaluated. In order to reach this method, an attacker can send a PUT request to `/api/v1/events/subscriptions` which gets handled by `EventSubscriptionResource.createOrUpdateEventSubscription()`. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query. This issue may lead to Remote Code Execution and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-251`.
FIRST-EPSS: 0.000440000
ARPS-PRIORITY: 0.7553561
#ExploitObserverAlert
CVE-2024-25110
DESCRIPTION: Exploit Observer has 10 entries in 5 file formats related to CVE-2024-25110. The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.000430000
ARPS-PRIORITY: 0.7568968
CVE-2024-25110
DESCRIPTION: Exploit Observer has 10 entries in 5 file formats related to CVE-2024-25110. The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.000430000
ARPS-PRIORITY: 0.7568968
#ExploitObserverAlert
CVE-2023-41677
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to CVE-2023-41677. A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack
FIRST-EPSS: 0.000430000
ARPS-PRIORITY: 0.7689723
CVE-2023-41677
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to CVE-2023-41677. A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack
FIRST-EPSS: 0.000430000
ARPS-PRIORITY: 0.7689723
#ExploitObserverAlert
CVE-2024-26130
DESCRIPTION: Exploit Observer has 14 entries in 6 file formats related to CVE-2024-26130. cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.7524834
CVE-2024-26130
DESCRIPTION: Exploit Observer has 14 entries in 6 file formats related to CVE-2024-26130. cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.7524834
#ExploitObserverAlert
CVE-2024-1183
DESCRIPTION: Exploit Observer has 9 entries in 5 file formats related to CVE-2024-1183. An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.
FIRST-EPSS: 0.000610000
ARPS-PRIORITY: 0.7539098
CVE-2024-1183
DESCRIPTION: Exploit Observer has 9 entries in 5 file formats related to CVE-2024-1183. An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.
FIRST-EPSS: 0.000610000
ARPS-PRIORITY: 0.7539098
#ExploitObserverAlert
CVE-2024-22201
DESCRIPTION: Exploit Observer has 16 entries in 5 file formats related to CVE-2024-22201. Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.7705204
CVE-2024-22201
DESCRIPTION: Exploit Observer has 16 entries in 5 file formats related to CVE-2024-22201. Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.7705204
#ExploitObserverAlert
CVE-2024-23323
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to CVE-2024-23323. Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.000460000
NVD-IS: 1.4
NVD-ES: 3.9
ARPS-PRIORITY: 0.7583711
CVE-2024-23323
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to CVE-2024-23323. Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.000460000
NVD-IS: 1.4
NVD-ES: 3.9
ARPS-PRIORITY: 0.7583711
#ExploitObserverAlert
CVE-2023-6237
DESCRIPTION: Exploit Observer has 19 entries in 5 file formats related to CVE-2023-6237.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.7750043
CVE-2023-6237
DESCRIPTION: Exploit Observer has 19 entries in 5 file formats related to CVE-2023-6237.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.7750043