CVE-2024-48605 – Helakuru 1.1 DLL Hijacking
https://notcve.org/view.php?id=CVE-2024-48605
An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file. Helakuru version 1.1 suffers from a dll hijacking vulnerability. • https://github.com/surajhacx/HelakuruV.1.1-DLLHijack https://clement.notin.org/blog/2020/09/12/CVE-2020-7315-McAfee-Agent-DLL-injection https://medium.com/%40xNEED/dll-hijacking-jagexlauncher-819599165822 https://www.exploit-db.com/exploits/51461 • CWE-427: Uncontrolled Search Path Element •
CVE-2024-40494
https://notcve.org/view.php?id=CVE-2024-40494
Buffer Overflow in coap_msg.c in FreeCoAP allows remote attackers to execute arbitrary code or cause a denial of service (stack buffer overflow) via a crafted packet. • https://gist.github.com/dqp10515/e9d7d663cb89187bfe7b39bb3aeb0113 https://github.com/dqp10515/security/tree/main/FreeCoAP_bug • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-46482
https://notcve.org/view.php?id=CVE-2024-46482
An arbitrary file upload vulnerability in the Ticket Generation function of Ladybird Web Solution Faveo-Helpdesk v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .html or .svg file. • https://github.com/Asadiqbal2/Vulnerabilities-Research/tree/main/CVE-2024-46482 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-26519
https://notcve.org/view.php?id=CVE-2024-26519
An issue in Casa Systems NTC-221 version 2.0.99.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the /www/cgi-bin/nas.cgi component. • https://cybercx.com.au/blog/zero-day-rce-in-netcomm-ntc-221-industrial-iot-m2m-lte-4g-router • CWE-306: Missing Authentication for Critical Function •
CVE-2024-48656
https://notcve.org/view.php?id=CVE-2024-48656
Cross Site Scripting vulnerability in student management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. • https://github.com/LeiPudd/Student-Management-System-v1.0-has-Cross-site-Scripting-XSS- • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •