#ExploitObserverAlert
CVE-2016-7146
DESCRIPTION: Exploit Observer has 16 entries in 2 file formats related to CVE-2016-7146. MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) component.
FIRST-EPSS: 0.002030000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.8574324
#ExploitObserverAlert
CVE-2024-1212
DESCRIPTION: Exploit Observer has 42 entries in 11 file formats related to CVE-2024-1212. Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
FIRST-EPSS: 0.002130000
ARPS-PRIORITY: 0.9770812
#ExploitObserverAlert
CVE-2024-2756
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2024-2756.
FIRST-EPSS: 0.000430000
ARPS-PRIORITY: 0.7634759
#ExploitObserverAlert
CVE-2024-24131
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to CVE-2024-24131. SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component api.php.
FIRST-EPSS: 0.000760000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.9767534
#ExploitObserverAlert
CVE-2023-44487
DESCRIPTION: Exploit Observer has 430 entries in 26 file formats related to CVE-2023-44487. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
FIRST-EPSS: 0.739260000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-PRIORITY: 0.7642706
#ExploitObserverAlert
CVE-2024-27956
DESCRIPTION: Exploit Observer has 12 entries in 6 file formats related to CVE-2024-27956. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection. This issue affects Automatic: from n/a through 3.92.0.
FIRST-EPSS: 0.000500000
ARPS-PRIORITY: 0.9620892
#ExploitObserverAlert
CVE-2021-23338
DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to CVE-2021-23338. This affects all versions of package qlib. The workflow function in the CLI part of qlib was using an unsafe YAML load function.
FIRST-EPSS: 0.000990000
NVD-IS: 5.9
NVD-ES: 1.2
ARPS-PRIORITY: 0.7771163
#ExploitObserverAlert
CVE-2023-38964
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to CVE-2023-38964. Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability.
FIRST-EPSS: 0.000710000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.958733
#ExploitObserverAlert
CVE-2016-7148
DESCRIPTION: Exploit Observer has 18 entries in 2 file formats related to CVE-2016-7148. MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component.
FIRST-EPSS: 0.002030000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.8574324
#ExploitObserverAlert
CVE-2016-3068
DESCRIPTION: Exploit Observer has 44 entries in 5 file formats related to CVE-2016-3068. Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
FIRST-EPSS: 0.052080000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.752969
#ExploitObserverAlert
PD/http/vulnerabilities/titan/titannit-web-rce
DESCRIPTION: Exploit Observer has 4 entries in 4 file formats related to PD/http/vulnerabilities/titan/titannit-web-rce. The vulnerability in the device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application, allowing the attacker to gain root access.
ARPS-PRIORITY: 0.9571059
#ExploitObserverAlert
CVE-2024-4348
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2024-4348. A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262488. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.8702569
#ExploitObserverAlert
CVE-2012-6081
DESCRIPTION: Exploit Observer has 22 entries in 5 file formats related to CVE-2012-6081. Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.
FIRST-EPSS: 0.954720000
NVD-IS: 6.4
NVD-ES: 6.8
ARPS-PRIORITY: 0.9741913
#ExploitObserverAlert
CVE-2015-8309
DESCRIPTION: Exploit Observer has 12 entries in 5 file formats related to CVE-2015-8309. Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."
FIRST-EPSS: 0.009720000
NVD-IS: 1.4
NVD-ES: 2.8
ARPS-PRIORITY: 0.8553453
#ExploitObserverAlert
CVE-2024-1597
DESCRIPTION: Exploit Observer has 240 entries in 7 file formats related to CVE-2024-1597. pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query, bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected.
FIRST-EPSS: 0.000990000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-PRIORITY: 0.7555719
#ExploitObserverAlert
CVE-2024-31080
DESCRIPTION: Exploit Observer has 42 entries in 7 file formats related to CVE-2024-31080. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
FIRST-EPSS: 0.000460000
ARPS-PRIORITY: 0.7092201
#ExploitObserverAlert
CVE-2024-0235
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2024-0235. The EventON WordPress plugin before 4.5.5 and the EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.
FIRST-EPSS: 0.005420000
NVD-IS: 1.4
NVD-ES: 3.9
ARPS-PRIORITY: 0.9506418
#ExploitObserverAlert
CVE-2015-7293
DESCRIPTION: Exploit Observer has 12 entries in 4 file formats related to CVE-2015-7293. Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.
FIRST-EPSS: 0.003010000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.8750085
#ExploitObserverAlert
CVE-2023-6546
DESCRIPTION: Exploit Observer has 199 entries in 9 file formats related to CVE-2023-6546. A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
FIRST-EPSS: 0.000880000
NVD-IS: 5.9
NVD-ES: 1.0
ARPS-PRIORITY: 0.9632912
#ExploitObserverAlert
CVE-2023-50387
DESCRIPTION: Exploit Observer has 86 entries in 13 file formats related to CVE-2023-50387. Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
FIRST-EPSS: 0.036600000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-PRIORITY: 0.7316946
#ExploitObserverAlert
CVE-2019-7139
DESCRIPTION: Exploit Observer has 14 entries in 4 file formats related to CVE-2019-7139. An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
FIRST-EPSS: 0.099120000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-PRIORITY: 0.7756642