#ExploitObserverAlert
CVE-2022-42541
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-42541. Remote code execution
CVE-2022-42541
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-42541. Remote code execution
#ExploitObserverAlert
CVE-2021-30517
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2021-30517. Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
FIRST-EPSS: 0.005420000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2021-30517
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2021-30517. Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
FIRST-EPSS: 0.005420000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-49103
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2023-49103. An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure.
FIRST-EPSS: 0.009170000
CVE-2023-49103
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2023-49103. An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure.
FIRST-EPSS: 0.009170000
#ExploitObserverAlert
CVE-2022-42536
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-42536. Remote code execution
CVE-2022-42536
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-42536. Remote code execution
#ExploitObserverAlert
CVE-2022-42538
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-42538. Elevation of privilege
CVE-2022-42538
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-42538. Elevation of privilege
#ExploitObserverAlert
CVE-2021-41943
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2021-41943. Logrhythm Web Console 7.4.9 allows for HTML tag injection through Contextualize Action -> Create a new Contextualize Action -> Inject your HTML tag in the name field.
FIRST-EPSS: 0.000500000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2021-41943
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2021-41943. Logrhythm Web Console 7.4.9 allows for HTML tag injection through Contextualize Action -> Create a new Contextualize Action -> Inject your HTML tag in the name field.
FIRST-EPSS: 0.000500000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-38175
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-38175. Microsoft Windows Defender Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000480000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-38175
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-38175. Microsoft Windows Defender Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000480000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2022-37703
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2022-37703. In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path.
FIRST-EPSS: 0.000460000
NVD-IS: 1.4
NVD-ES: 1.8
CVE-2022-37703
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2022-37703. In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path.
FIRST-EPSS: 0.000460000
NVD-IS: 1.4
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-3905
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-3905. A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
FIRST-EPSS: 0.001650000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2021-3905
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-3905. A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
FIRST-EPSS: 0.001650000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-49052
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-49052. File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component.
CVE-2023-49052
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-49052. File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component.
#ExploitObserverAlert
CVE-2020-5736
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-5736. Amcrest cameras and NVR are vulnerable to a null pointer dereference over port 37777. An authenticated remote attacker can abuse this issue to crash the device.
FIRST-EPSS: 0.001490000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2020-5736
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-5736. Amcrest cameras and NVR are vulnerable to a null pointer dereference over port 37777. An authenticated remote attacker can abuse this issue to crash the device.
FIRST-EPSS: 0.001490000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
GHSA-3fvf-6q4j-wvc7
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-3FVF-6Q4J-WVC7. A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument winsServer1 leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
GHSS: 2.4
GHSA-3fvf-6q4j-wvc7
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-3FVF-6Q4J-WVC7. A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument winsServer1 leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
GHSS: 2.4
#ExploitObserverAlert
CVE-2022-20473
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-20473. In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239267173
FIRST-EPSS: 0.001140000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-20473
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-20473. In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239267173
FIRST-EPSS: 0.001140000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-9053
DESCRIPTION: Exploit Observer has 50 entries related to CVE-2019-9053. An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
FIRST-EPSS: 0.016140000
NVD-IS: 5.9
NVD-ES: 2.2
CVE-2019-9053
DESCRIPTION: Exploit Observer has 50 entries related to CVE-2019-9053. An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
FIRST-EPSS: 0.016140000
NVD-IS: 5.9
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2023-5966
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-5966.
CVE-2023-5966
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-5966.
#ExploitObserverAlert
CVE-2023-5965
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-5965.
CVE-2023-5965
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-5965.
#ExploitObserverAlert
CVE-2023-40600
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-40600.
CVE-2023-40600
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-40600.
#ExploitObserverAlert
CVE-2023-23752
DESCRIPTION: Exploit Observer has 87 entries related to CVE-2023-23752. An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
FIRST-EPSS: 0.750890000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2023-23752
DESCRIPTION: Exploit Observer has 87 entries related to CVE-2023-23752. An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
FIRST-EPSS: 0.750890000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-35975
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-35975. Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a full pathname in GET parameter "file" in URL. Also: affected components in same product - HTTP Adapter (up to v.1.8.0.15), MSSQL MessageBus Proxy (up to v.1.1.06), Financial Calculator (up to v.1.3.05), FIX Adapter (up to v.2.4.0.25)
CVE-2021-35975
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-35975. Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a full pathname in GET parameter "file" in URL. Also: affected components in same product - HTTP Adapter (up to v.1.8.0.15), MSSQL MessageBus Proxy (up to v.1.1.06), Financial Calculator (up to v.1.3.05), FIX Adapter (up to v.2.4.0.25)
#ExploitObserverAlert
GHSA-6jj9-4hh8-6xpv
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-6JJ9-4HH8-6XPV. Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
GHSA-6jj9-4hh8-6xpv
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-6JJ9-4HH8-6XPV. Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
#ExploitObserverAlert
CVE-2010-0188
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2010-0188. Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
FIRST-EPSS: 0.974690000
NVD-IS: 10.0
NVD-ES: 8.6
CVE-2010-0188
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2010-0188. Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
FIRST-EPSS: 0.974690000
NVD-IS: 10.0
NVD-ES: 8.6