#ExploitObserverAlert
CVE-2024-20767
DESCRIPTION: Exploit Observer has 51 entries in 10 file formats related to CVE-2024-20767. ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction.
FIRST-EPSS: 0.107660000
NVD-IS: 4.2
NVD-ES: 3.9
ARPS-PRIORITY: 0.9519815
#ExploitObserverAlert
CVE-2024-2879
DESCRIPTION: Exploit Observer has 31 entries in 7 file formats related to CVE-2024-2879. The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
FIRST-EPSS: 0.004920000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-PRIORITY: 0.9594176
#ExploitObserverAlert
CVE-2023-42114
DESCRIPTION: Exploit Observer has 17 entries in 6 file formats related to CVE-2023-42114. Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-17433.
FIRST-EPSS: 0.000650000
ARPS-PRIORITY: 0.761675
#ExploitObserverAlert
CVE-2024-29269
DESCRIPTION: Exploit Observer has 20 entries in 9 file formats related to CVE-2024-29269. An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter.
FIRST-EPSS: 0.000540000
ARPS-PRIORITY: 0.9565126
#ExploitObserverAlert
CVE-2024-3156
DESCRIPTION: Exploit Observer has 18 entries in 6 file formats related to CVE-2024-3156. Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.000590000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.7711292
#ExploitObserverAlert
CVE-2024-3914
DESCRIPTION: Exploit Observer has 26 entries in 4 file formats related to CVE-2024-3914. Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.000460000
ARPS-PRIORITY: 0.7716788
#ExploitObserverAlert
CVE-2024-2340
DESCRIPTION: Exploit Observer has 8 entries in 4 file formats related to CVE-2024-2340. The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism.
FIRST-EPSS: 0.000530000
ARPS-PRIORITY: 0.9587458
#ExploitObserverAlert
CVE-2024-3158
DESCRIPTION: Exploit Observer has 14 entries in 4 file formats related to CVE-2024-3158. Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.000590000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.7652126
#ExploitObserverAlert
CVE-2024-4040
DESCRIPTION: Exploit Observer has 67 entries in 13 file formats related to CVE-2024-4040. A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
FIRST-EPSS: 0.959300000
NVD-IS: 6.0
NVD-ES: 3.9
ARPS-PRIORITY: 0.9589201
#ExploitObserverAlert
CVE-2023-4521
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2023-4521. The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue (https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42) and not deleting the created files when releasing the new version.
FIRST-EPSS: 0.029120000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-PRIORITY: 0.9506504
#ExploitObserverAlert
CVE-2024-2625
DESCRIPTION: Exploit Observer has 20 entries in 5 file formats related to CVE-2024-2625. Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.000560000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.7803987
#ExploitObserverAlert
GHSA-2gq2-m628-33xp
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to GHSA-2gq2-m628-33xp. gregwar/rst Local File Inclusion Vulnerability
ARPS-PRIORITY: 0.759637
#ExploitObserverAlert
CVE-2018-5478
DESCRIPTION: Exploit Observer has 10 entries in 4 file formats related to CVE-2018-5478. Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension.
FIRST-EPSS: 0.000460000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.7613018
#ExploitObserverAlert
GHSA-pqjm-xcp8-wgmm
DESCRIPTION: Exploit Observer has 8 entries in 6 file formats related to GHSA-pqjm-xcp8-wgmm. Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads
ARPS-PRIORITY: 0.7050617
#ExploitObserverAlert
CVE-2022-23793
DESCRIPTION: Exploit Observer has 12 entries in 4 file formats related to CVE-2022-23793. An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting a specifically crafted tar package could write files outside of the intended path.
FIRST-EPSS: 0.002000000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-PRIORITY: 0.8713574
#ARPSArticleAlert
Around 1000 exploitable cybersecurity vulnerabilities that MITRE & NIST ‘might’ have missed but China or Russia didn’t.
https://blog.arpsyndicate.io/over-a-1000-vulnerabilities-that-mitre-nist-might-have-missed-but-china-or-russia-did-not-871b2364a526
Exploit Observer is The World’s Largest Exploit & Vulnerability Intelligence Database that collects global exploits & vulnerabilities.
#ExploitObserverAlert
CVE-2023-52722
DESCRIPTION: Exploit Observer has 8 entries in 4 file formats related to CVE-2023-52722. An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard.
FIRST-EPSS: 0.000430000
ARPS-PRIORITY: 0.7563918
#ExploitObserverAlert
CVE-2024-25642
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2024-25642. Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence, the attacker can intercept the request to view/modify sensitive information. There is no impact on the availability of the system.
FIRST-EPSS: 0.000430000
ARPS-PRIORITY: 0.8582365
#ExploitObserverAlert
CVE-2024-28180
DESCRIPTION: Exploit Observer has 34 entries in 5 file formats related to CVE-2024-28180. Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.7524723
#ExploitObserverAlert
WLB-2024050045
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024050045. VSP Softtech - Blind Sql Injection.
ARPS-PRIORITY: 0.8512449
#ExploitObserverAlert
CVE-2023-52486
DESCRIPTION: Exploit Observer has 1193 entries in 22 file formats related to CVE-2023-52486. In the Linux kernel, the following vulnerability has been resolved: drm: Don't unref the same fb many times by mistake due to deadlock handling. If we get a deadlock after the fb lookup in drm_mode_page_flip_ioctl() we proceed to unref the fb and then retry the whole thing from the top. But we forget to reset the fb pointer back to NULL, and so if we then get another error during the retry, before the fb lookup, we proceed to unref the same fb again without having gotten another reference. The end result is that the fb will (eventually) end up being freed while it's still in use. Reset fb to NULL once we've unreffed it to avoid doing it again until we've done another fb lookup. This turned out to be pretty easy to hit on a DG2 when doing async flips (and CONFIG_DEBUG_WW_MUTEX_SLOWPATH=y). The first symptom I saw was that drm_closefb() simply got stuck in a busy loop while walking the framebuffer list. Fortunately I was able to convince it to oops instead, and from there it was easier to track down the culprit.
FIRST-EPSS: 0.000440000
ARPS-PRIORITY: 0.9685313