#ExploitObserverAlert
CVE-2023-45573
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-45573. Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G V2.D1 v.23.08.23D1, and DI-7400G V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function.
FIRST-EPSS: 0.002020000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-m6fg-m377-682m
DESCRIPTION: Exploit Observer has 1 entry related to GHSA-M6FG-M377-682M. This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server.
GHSS: 8.0
#ExploitObserverAlert
GHSA-5rc2-w7v5-6rgm
DESCRIPTION: Exploit Observer has 15 entries related to GHSA-5RC2-W7V5-6RGM. An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1.
#ExploitObserverAlert
CVE-2023-46847
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-46847. Squid is vulnerable to a Denial of Service, where a remote attacker can perform a buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
FIRST-EPSS: 0.062290000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-7qmp-rw6c-f6vw
DESCRIPTION: Exploit Observer has 1 entry related to GHSA-7QMP-RW6C-F6VW. Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G V2.D1 v.23.08.23D1, and DI-7400G V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx parameter of the ddns.asp function.
GHSS: 9.8
#ExploitObserverAlert
CVE-2023-36560
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-36560. ASP.NET Security Feature Bypass Vulnerability
FIRST-EPSS: 0.000720000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-22958
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-22958. The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter.
FIRST-EPSS: 0.000460000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-1948
DESCRIPTION: Exploit Observer has 29 entries related to CVE-2020-1948. This vulnerability can affect all Dubbo users who stay on version 2.7.6 or lower. An attacker can send RPC requests with an unrecognized service name or method name along with some malicious parameter payloads. When the malicious parameter is deserialized, it will execute some malicious code. More details can be found below.
FIRST-EPSS: 0.004080000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-11358
DESCRIPTION: Exploit Observer has 3662 entries related to CVE-2019-11358. jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
FIRST-EPSS: 0.029520000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2018-8120
DESCRIPTION: Exploit Observer has 106 entries related to CVE-2018-8120. An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.
FIRST-EPSS: 0.974300000
NVD-IS: 5.9
NVD-ES: 1.0
#ExploitObserverAlert
CVE-2022-48363
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2022-48363. In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer.
FIRST-EPSS: 0.000520000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-17141
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2020-17141. Microsoft Exchange Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17142, CVE-2020-17144.
FIRST-EPSS: 0.027320000
NVD-IS: 6.0
NVD-ES: 1.7
#ExploitObserverAlert
CVE-2020-28115
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2020-28115. SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the object_path parameter.
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
PD/http/misconfiguration/request-baskets-exposure
DESCRIPTION: Exploit Observer has 30 entries related to PD/http/misconfiguration/request-baskets-exposure.
#ExploitObserverAlert
CVE-2023-2100
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-2100. A vulnerability classified as problematic was found in SourceCodester Vehicle Service Management System 1.0. This vulnerability affects unknown code of the file /admin/report/index.php. The manipulation of the argument date_end leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226108.
FIRST-EPSS: 0.000520000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
GHSA-q95j-488q-5q3p
DESCRIPTION: Exploit Observer has 42 entries related to GHSA-Q95J-488Q-5Q3P.
GHSS: 6.5
#ExploitObserverAlert
CVE-2023-26244
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-26244. An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml files, which are used during the firmware installation process. This indirectly allows an attacker to use a custom version of AppUpgrade and .lge.upgrade.xml files.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-26246
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-26246. An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check. This indirectly allows an attacker to install custom firmware in the IVI system.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-47668
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-47668.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2021-4046
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2021-4046. The m_txtNom and m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data.
FIRST-EPSS: 0.000540000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2023-2094
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-2094. A vulnerability has been found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/mechanics/manage_mechanic.php. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226102 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9