NotCVE - "Execute arbitrary code"

Page 116 of 37768 results (0.161 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-6431 – Media.net Ads Manager <= 2.10.13 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2024-6431

The Media.net Ads Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and missing capability check in the 'sendMail' function in all versions up to, and including, 2.10.13. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/media-net-ads-manager/tags/2.10.13/app/admin/MnetAdHandleAjaxCalls.php#L206 https://www.wordfence.com/threat-intel/vulnerabilities/id/54fac673-2d83-4d06-a4c0-8bffc269a90c?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

CVE-2024-6817 – IrfanView PSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2024-6817

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

CVE-2024-6431 – Media.net Ads Manager <= 2.10.13 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload

CVE-2024-6817 – IrfanView PSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

CVE-2024-6818 – IrfanView PSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

CVE-2024-6819 – IrfanView PSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

CVE-2024-6822 – IrfanView CIN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability