#ExploitObserverAlert
CVE-2022-42430
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-42430. This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the wowlan_config data structure. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-17543.
FIRST-EPSS: 0.000450000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2022-42430
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-42430. This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the wowlan_config data structure. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-17543.
FIRST-EPSS: 0.000450000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2011-2523
DESCRIPTION: Exploit Observer has 55 entries related to CVE-2011-2523. vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
FIRST-EPSS: 0.883420000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2011-2523
DESCRIPTION: Exploit Observer has 55 entries related to CVE-2011-2523. vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
FIRST-EPSS: 0.883420000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-32571
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-32571. Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed.
FIRST-EPSS: 0.001430000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-32571
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-32571. Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed.
FIRST-EPSS: 0.001430000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-2096
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2096. A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/service_requests/manage_inventory.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226104.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-2096
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2096. A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/service_requests/manage_inventory.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226104.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-2951
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2951. A vulnerability classified as critical has been found in code-projects Bus Dispatch and Information System 1.0. Affected is an unknown function of the file delete_bus.php. The manipulation of the argument busid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230112.
FIRST-EPSS: 0.000670000
NVD-IS: 5.2
NVD-ES: 3.9
CVE-2023-2951
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2951. A vulnerability classified as critical has been found in code-projects Bus Dispatch and Information System 1.0. Affected is an unknown function of the file delete_bus.php. The manipulation of the argument busid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230112.
FIRST-EPSS: 0.000670000
NVD-IS: 5.2
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-34733
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-34733. A lack of exception handling in the Volkswagen Discover Media Infotainment System Software Version 0876 allows attackers to cause a Denial of Service (DoS) via supplying crafted media files when connecting a device to the vehicle's USB plug and play feature.
FIRST-EPSS: 0.000530000
NVD-IS: 5.9
NVD-ES: 0.9
CVE-2023-34733
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-34733. A lack of exception handling in the Volkswagen Discover Media Infotainment System Software Version 0876 allows attackers to cause a Denial of Service (DoS) via supplying crafted media files when connecting a device to the vehicle's USB plug and play feature.
FIRST-EPSS: 0.000530000
NVD-IS: 5.9
NVD-ES: 0.9
#ExploitObserverAlert
CVE-2022-45875
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-45875. Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users which can login to DS.
FIRST-EPSS: 0.001250000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-45875
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-45875. Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users which can login to DS.
FIRST-EPSS: 0.001250000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2007-2447
DESCRIPTION: Exploit Observer has 113 entries related to CVE-2007-2447. The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
FIRST-EPSS: 0.612690000
NVD-IS: 6.4
NVD-ES: 6.8
CVE-2007-2447
DESCRIPTION: Exploit Observer has 113 entries related to CVE-2007-2447. The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
FIRST-EPSS: 0.612690000
NVD-IS: 6.4
NVD-ES: 6.8
#ExploitObserverAlert
CVE-2022-38716
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-38716. Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds
CVE-2022-38716
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-38716. Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds
#ExploitObserverAlert
CVE-2023-26347
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-26347. Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.
FIRST-EPSS: 0.006300000
CVE-2023-26347
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-26347. Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.
FIRST-EPSS: 0.006300000
#ExploitObserverAlert
CVE-2022-4386
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-4386. The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack
FIRST-EPSS: 0.000460000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2022-4386
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-4386. The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack
FIRST-EPSS: 0.000460000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-40752
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2021-40752. Adobe After Effects version 18.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
FIRST-EPSS: 0.001550000
NVD-IS: 10.0
NVD-ES: 8.6
CVE-2021-40752
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2021-40752. Adobe After Effects version 18.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
FIRST-EPSS: 0.001550000
NVD-IS: 10.0
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2023-47246
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2023-47246. In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
FIRST-EPSS: 0.667970000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-47246
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2023-47246. In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
FIRST-EPSS: 0.667970000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-46784
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2021-46784. In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.
FIRST-EPSS: 0.015450000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2021-46784
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2021-46784. In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.
FIRST-EPSS: 0.015450000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-25614
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-25614. Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings
CVE-2022-25614
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-25614. Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings
#ExploitObserverAlert
CVE-2021-42096
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-42096. GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.
FIRST-EPSS: 0.001730000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2021-42096
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-42096. GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.
FIRST-EPSS: 0.001730000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-44353
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-44353. Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
FIRST-EPSS: 0.002270000
CVE-2023-44353
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-44353. Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
FIRST-EPSS: 0.002270000
#ExploitObserverAlert
CVE-2023-46724
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-46724. Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.
FIRST-EPSS: 0.003740000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-46724
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-46724. Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.
FIRST-EPSS: 0.003740000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-28965
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2021-28965. The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.
FIRST-EPSS: 0.000890000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2021-28965
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2021-28965. The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.
FIRST-EPSS: 0.000890000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-2516
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-2516. Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7.
FIRST-EPSS: 0.000630000
NVD-IS: 2.7
NVD-ES: 2.3
CVE-2023-2516
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-2516. Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7.
FIRST-EPSS: 0.000630000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2020-7961
DESCRIPTION: Exploit Observer has 106 entries related to CVE-2020-7961. Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
FIRST-EPSS: 0.973420000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-7961
DESCRIPTION: Exploit Observer has 106 entries related to CVE-2020-7961. Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
FIRST-EPSS: 0.973420000
NVD-IS: 5.9
NVD-ES: 3.9