CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 3CVE-2024-1212 – LoadMaster Pre-Authenticated OS Command Injection
https://notcve.org/view.php?id=CVE-2024-1212
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. Los atacantes remotos no autenticados pueden acceder al sistema a través de la interfaz de administración de LoadMaster, lo que permite la ejecución arbitraria de comandos del sistema. • https://github.com/Chocapikk/CVE-2024-1212 https://github.com/MuhammadWaseem29/CVE-2024-1212 https://github.com/nak000/CVE-2024-1212 https://freeloadbalancer.com https://kemptechnologies.com https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212 https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212 https://rhinosecuritylabs.com/research/cve-2024-1212unauthentic • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1474 – WS_FTP Server Reflected Cross-Site Scripting in Administrative Interface
https://notcve.org/view.php?id=CVE-2024-1474
In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WS_FTP Server administrative interface. En las versiones del servidor WS_FTP anteriores a la 8.8.5, se identificaron problemas de Cross-Site Scripting Reflejado en varias entradas proporcionadas por el usuario en la interfaz administrativa del servidor WS_FTP. • https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-February-2024 https://www.progress.com/ws_ftp • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •