CVE-2024-43772 – Huachu Easytest Online Learning Test Platform - SQL Injection
https://notcve.org/view.php?id=CVE-2024-43772
SQL injection in the download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter. • https://zuso.ai/advisory/za-2024-05 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7871 – Huachu Easytest Online Learning Test Platform - SQL Injection
https://notcve.org/view.php?id=CVE-2024-7871
SQL injection in the online dictionary function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the word parameter. • https://zuso.ai/advisory/za-2024-04 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-45623
https://notcve.org/view.php?id=CVE-2024-45623
D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server (httpd). • https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10406 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-8356 – Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-8356
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the firmware update process of the VIP microcontroller. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the VIP MCU.
CVE-2024-8357 – Visteon Infotainment App SoC Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-8357
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process.