CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-36074
https://notcve.org/view.php?id=CVE-2024-36074
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the Endpoint Protector and Unify agent in the way that the EasyLock dependency is acquired from the server. An attacker with administrative access to the Endpoint Protector or Unify server can cause a client to acquire and execute a malicious file resulting in remote code execution. • https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-36075
https://notcve.org/view.php?id=CVE-2024-36075
The CoSoSys Endpoint Protector through 5.9.3 and Unify agent through 7.0.6 is susceptible to an arbitrary code execution vulnerability due to the way an archive obtained from the Endpoint Protector or Unify server is extracted on the endpoint. • https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-39209
https://notcve.org/view.php?id=CVE-2024-39209
luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the score parameter. • https://gist.github.com/yanggao017/e392a633b8cee6f42c514b125860081c https://github.com/yanggao017/vuln/blob/main/luci-app-sms-tool.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-39669
https://notcve.org/view.php?id=CVE-2024-39669
In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java objects. A malicious agent could possibly execute arbitrary code in the Sync Server and compromise security. En la consola de Soffid IAM anterior a 3.5.39, no se aplicaron las comprobaciones necesarias a algunos objetos Java. Un agente malicioso podría ejecutar código arbitrario en Sync Server y comprometer la seguridad. • https://bookstack.soffid.com/books/security-advisories/page/cve-2024-39669 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0CVE-2023-26877
https://notcve.org/view.php?id=CVE-2023-26877
File upload vulnerability found in Softexpert Excellence Suite v.2.1 allows attackers to execute arbitrary code via a .php file upload to the form/efms_exec_html/file_upload_parser.php endpoint. Vulnerabilidad de carga de archivos encontrada en Softexpert Excellence Suite v.2.1 permite a atacantes ejecutar código arbitrario mediante la carga de un archivo .php al endpoint form/efms_exec_html/file_upload_parser.php. • https://gist.github.com/rodnt/90ac26fdf891e602f6f090d6aebce32d • CWE-94: Improper Control of Generation of Code ('Code Injection') •