CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0394 – Rapid7 Minerva Armor Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-0394
03 Apr 2024 — Rapid7 Minerva Armor versions below 4.5.5 suffer from a privilege escalation vulnerability whereby an authenticated attacker can elevate privileges and execute arbitrary code with SYSTEM privilege. The vulnerability is caused by the product's implementation of OpenSSL's`OPENSSLDIR` parameter where it is set to a path accessible to low-privileged users. The vulnerability has been remediated and fixed in version 4.5.5. Las versiones de Rapid7 Minerva Armor inferiores a 4.5.5 sufren de una vulnerabilidad de es... • https://www.rapid7.com/blog/post/2024/04/03/cve-2024-0394-rapid7-minerva-armor-privilege-escalation-fixed • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 9%CPEs: 3EXPL: 2CVE-2006-5077 – Minerva 2.0.21 build 238a - 'phpbb_root_path' File Inclusion
https://notcve.org/view.php?id=CVE-2006-5077
29 Sep 2006 — PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Chris Smith Minerva Build 238 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. Vulnerabilidad PHP de inclusión remota de archivo en admin/admin_topic_action_logging.php en Crish Smith Minerva Build 238 y anteriores permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro phpbb_root_path. • https://www.exploit-db.com/exploits/2429 •