#ExploitObserverAlert
CVE-2023-46604
DESCRIPTION: Exploit Observer has 30 entries related to CVE-2023-46604. The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
FIRST-EPSS: 0.966470000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-46604
DESCRIPTION: Exploit Observer has 30 entries related to CVE-2023-46604. The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
FIRST-EPSS: 0.966470000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-32219
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-32219. A Mazda model (2015-2016) can be unlocked via an unspecified method.
FIRST-EPSS: 0.000480000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-32219
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-32219. A Mazda model (2015-2016) can be unlocked via an unspecified method.
FIRST-EPSS: 0.000480000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-4699
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4699. Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets.
FIRST-EPSS: 0.001230000
NVD-IS: 5.2
NVD-ES: 3.9
CVE-2023-4699
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4699. Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets.
FIRST-EPSS: 0.001230000
NVD-IS: 5.2
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-3506
DESCRIPTION: Exploit Observer has 93 entries related to CVE-2017-3506. Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
FIRST-EPSS: 0.969270000
NVD-IS: 5.2
NVD-ES: 2.2
CVE-2017-3506
DESCRIPTION: Exploit Observer has 93 entries related to CVE-2017-3506. Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
FIRST-EPSS: 0.969270000
NVD-IS: 5.2
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2023-2097
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2097. A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226105 was assigned to this vulnerability.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-2097
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2097. A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226105 was assigned to this vulnerability.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-2774
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2774. A vulnerability was found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file view_branch.php. The manipulation of the argument branchid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229280.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-2774
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2774. A vulnerability was found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file view_branch.php. The manipulation of the argument branchid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229280.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-3093
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-3093. This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ice_updater update mechanism. The issue results from the lack of proper validation of user-supplied firmware. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17463.
FIRST-EPSS: 0.000520000
NVD-IS: 5.9
NVD-ES: 0.5
CVE-2022-3093
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-3093. This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ice_updater update mechanism. The issue results from the lack of proper validation of user-supplied firmware. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17463.
FIRST-EPSS: 0.000520000
NVD-IS: 5.9
NVD-ES: 0.5
#ExploitObserverAlert
CVE-2022-22807
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-22807. A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)
FIRST-EPSS: 0.000730000
NVD-IS: 4.0
NVD-ES: 2.8
CVE-2022-22807
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-22807. A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)
FIRST-EPSS: 0.000730000
NVD-IS: 4.0
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-25157
DESCRIPTION: Exploit Observer has 26 entries related to CVE-2023-25157. GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.
FIRST-EPSS: 0.369840000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-25157
DESCRIPTION: Exploit Observer has 26 entries related to CVE-2023-25157. GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.
FIRST-EPSS: 0.369840000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-3129
DESCRIPTION: Exploit Observer has 103 entries related to CVE-2021-3129. Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
FIRST-EPSS: 0.974880000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-3129
DESCRIPTION: Exploit Observer has 103 entries related to CVE-2021-3129. Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
FIRST-EPSS: 0.974880000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-42430
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-42430. This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the wowlan_config data structure. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-17543.
FIRST-EPSS: 0.000450000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2022-42430
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-42430. This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the wowlan_config data structure. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-17543.
FIRST-EPSS: 0.000450000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2011-2523
DESCRIPTION: Exploit Observer has 55 entries related to CVE-2011-2523. vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
FIRST-EPSS: 0.883420000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2011-2523
DESCRIPTION: Exploit Observer has 55 entries related to CVE-2011-2523. vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
FIRST-EPSS: 0.883420000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-32571
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-32571. Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed.
FIRST-EPSS: 0.001430000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-32571
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-32571. Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed.
FIRST-EPSS: 0.001430000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-2096
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2096. A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/service_requests/manage_inventory.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226104.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-2096
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2096. A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/service_requests/manage_inventory.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226104.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-2951
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2951. A vulnerability classified as critical has been found in code-projects Bus Dispatch and Information System 1.0. Affected is an unknown function of the file delete_bus.php. The manipulation of the argument busid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230112.
FIRST-EPSS: 0.000670000
NVD-IS: 5.2
NVD-ES: 3.9
CVE-2023-2951
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2951. A vulnerability classified as critical has been found in code-projects Bus Dispatch and Information System 1.0. Affected is an unknown function of the file delete_bus.php. The manipulation of the argument busid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230112.
FIRST-EPSS: 0.000670000
NVD-IS: 5.2
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-34733
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-34733. A lack of exception handling in the Volkswagen Discover Media Infotainment System Software Version 0876 allows attackers to cause a Denial of Service (DoS) via supplying crafted media files when connecting a device to the vehicle's USB plug and play feature.
FIRST-EPSS: 0.000530000
NVD-IS: 5.9
NVD-ES: 0.9
CVE-2023-34733
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-34733. A lack of exception handling in the Volkswagen Discover Media Infotainment System Software Version 0876 allows attackers to cause a Denial of Service (DoS) via supplying crafted media files when connecting a device to the vehicle's USB plug and play feature.
FIRST-EPSS: 0.000530000
NVD-IS: 5.9
NVD-ES: 0.9
#ExploitObserverAlert
CVE-2022-45875
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-45875. Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users which can login to DS.
FIRST-EPSS: 0.001250000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-45875
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-45875. Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users which can login to DS.
FIRST-EPSS: 0.001250000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2007-2447
DESCRIPTION: Exploit Observer has 113 entries related to CVE-2007-2447. The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
FIRST-EPSS: 0.612690000
NVD-IS: 6.4
NVD-ES: 6.8
CVE-2007-2447
DESCRIPTION: Exploit Observer has 113 entries related to CVE-2007-2447. The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
FIRST-EPSS: 0.612690000
NVD-IS: 6.4
NVD-ES: 6.8
#ExploitObserverAlert
CVE-2022-38716
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-38716. Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds
CVE-2022-38716
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-38716. Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds
#ExploitObserverAlert
CVE-2023-26347
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-26347. Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.
FIRST-EPSS: 0.006300000
CVE-2023-26347
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-26347. Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.
FIRST-EPSS: 0.006300000
#ExploitObserverAlert
CVE-2022-4386
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-4386. The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack
FIRST-EPSS: 0.000460000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2022-4386
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-4386. The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack
FIRST-EPSS: 0.000460000
NVD-IS: 1.4
NVD-ES: 2.8