CVE-2024-7241 – Panda Security Dome Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7241
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the PSANHost service. By creating a junction, an attacker can abuse the service to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVE-2024-7229 – Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7229
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Cleanup Service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVE-2024-7232 – Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7232
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVE-2024-40576
https://notcve.org/view.php?id=CVE-2024-40576
Cross Site Scripting vulnerability in Best House Rental Management System 1.0 allows a remote attacker to execute arbitrary code via the "House No" and "Description" parameters in the houses page at the index.php component. • https://github.com/jubilianite/CVEs/blob/main/CVE-2024-40576.md https://www.sourcecodester.com/php/17375/best-courier-management-system-project-php.html https://github.com/jubilianite/CVEs/security/advisories/GHSA-674x-j9wj-qvpp • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-6451 – AI Engine < 2.5.1 - Admin+ RCE
https://notcve.org/view.php?id=CVE-2024-6451
AI Engine < 2.4.3 is susceptible to remote-code-execution (RCE) via Log Poisoning. ... The AI Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the /wp-json/mwai/v1/settings/update REST API endpoint. ... This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server. • https://wpscan.com/vulnerability/fc06d413-a227-470c-a5b7-cdab57aeab34 • CWE-94: Improper Control of Generation of Code ('Code Injection') •