CVE-2024-38529 – Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment
https://notcve.org/view.php?id=CVE-2024-38529
In Admidio before version 4.3.10, there is a remote code execution vulnerability in the Message module of the Admidio application, where it is possible to upload a PHP file in the attachment.
• https://github.com/Admidio/admidio/commit/3b1cc1cda05747edebe15f2825b79bc5a673d94c
• https://github.com/Admidio/admidio/security/advisories/GHSA-g872-jwwr-vggm
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-37381
https://notcve.org/view.php?id=CVE-2024-37381
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code.
• https://forums.ivanti.com/s/article/Security-Advisory-EPM-July-2024-for-EPM-2024
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7245 – Panda Security Dome VPN Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7245
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
CVE-2024-7240 – F-Secure Total Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7240
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
CVE-2024-7244 – Panda Security Dome VPN DLL Hijacking Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7244
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.