CVE-2020-18305
https://notcve.org/view.php?id=CVE-2020-18305
Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges. • https://gist.github.com/yasinyilmaz/1fe3fe58dd275edb77dcbe890fce2f2c • CWE-287: Improper Authentication
CVE-2024-4712 – Arbitrary File Creation in PaperCut NG/MF Web Print Image Handler
https://notcve.org/view.php?id=CVE-2024-4712
This vulnerability requires local login/console access to the PaperCut NG/MF server (e.g., member of a domain admin group). ... This can lead to local privilege escalation. Note: This CVE has been split into two (CVE-2024-4712 and CVE-2024-8405) and it's been rescored with a "Privileges Required (PR)" rating of low, and "Attack Complexity (AC)" rating of low, reflecting the worst-case scenario where an Administrator has granted local login access to standard network users on the host server. This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.papercut.com/kb/Main/security-bulletin-may-2024 https://www.papercut.com/kb/Main/Security-Bulletin-May-2024 • CWE-59: Improper Link Resolution Before File Access ('Link Following'); CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-3037 – Arbitrary File Deletion in PaperCut NG/MF Web Print
https://notcve.org/view.php?id=CVE-2024-3037
This vulnerability requires local login/console access to the PaperCut NG/MF server (e.g., member of a domain admin group). ... To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server. Important: In most installations, this risk is mitigated by the default Windows Server configuration, which typically restricts local login access to Administrators only. ... This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.papercut.com/kb/Main/security-bulletin-may-2024 https://www.papercut.com/kb/Main/Security-Bulletin-May-2024 • CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2024-30033 – Windows Search Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-30033
Windows Search Service Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30033 • CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2024-30802
https://notcve.org/view.php?id=CVE-2024-30802
An issue in Vehicle Management System 7.31.0.3_20230412 allows an attacker to escalate privileges via the login.html component. • https://github.com/WarmBrew/web_vul/blob/main/TTX.md https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-30802.md • CWE-1393: Use of Default Password