CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7448 – Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-7448
Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this vulnerability in that the target must acquire data from a malicious mobile device. The specific flaw exists within the Android device image acquisition functionality. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current user. • https://docs.magnetforensics.com/docs/axiom/release_notes.html https://www.zerodayinitiative.com/advisories/ZDI-24-1129 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5384
https://notcve.org/view.php?id=CVE-2015-5384
AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier is vulnerable to a Session Fixation attack. El módulo Axiom Google Web Toolkit, de AxiomSL, en versiones 9.5.3 y anteriores, es vulnerable a ataques de fijación de sesión. • https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5384 • CWE-384: Session Fixation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5462
https://notcve.org/view.php?id=CVE-2015-5462
AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier allows remote attackers to inject HTML into the scoping dashboard features. El módulo Axiom Google Web Toolkit, de AxiomSL, en versiones 9.5.3 y anteriores, permite a los atacantes remotos inyectar HTML en las funcionalidades de alcance del cuadro de mando. • https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5462 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5463
https://notcve.org/view.php?id=CVE-2015-5463
AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through arbitrary SQL commands, (2) perform a horizontal and vertical privilege escalation, (3) cause a Denial of Service on global application, or (4) write/read/delete arbitrary files on server hosting the application. El módulo del applet de Java de Axiom, de AxiomSL (utilizado para editar archivos de Excel subidos y los servicios Java RMI asociados), en su versión 9.5.3 y anteriores, permite a los atacantes remotos (1) acceder a datos de otros usuarios básicos a través de comandos SQL arbitrarios, (2) realizar un escalado de privilegios horizontal y vertical, (3) provocar denegaciones de servicio (DoS) en la aplicación en su conjunto o (4) escribir/leer/eliminar archivos arbitrarios en el servidor que aloja la aplicación. • https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5463 • CWE-285: Improper Authorization •