CVE-2024-8358 – Visteon Infotainment UPDATES_ExtractFile Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8358
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. ... An attacker can leverage this vulnerability to execute code in the context of the device. •
CVE-2024-8359 – Visteon Infotainment REFLASH_DDU_FindFile Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8359
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. ... An attacker can leverage this vulnerability to execute code in the context of the device. •
CVE-2024-8360 – Visteon Infotainment REFLASH_DDU_ExtractFile Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8360
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. ... An attacker can leverage this vulnerability to execute code in the context of the device. •
CVE-2024-8252 – Clean Login <= 1.14.5 - Authenticated (Contributor+) Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-8252
This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://plugins.trac.wordpress.org/browser/clean-login/tags/1.14.5/include/frontend.php#L20 https://plugins.trac.wordpress.org/browser/clean-login/tags/1.14.5/include/shortcodes.php#L146 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3143241%40clean-login&new=3143241%40clean-login&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/b9f99b51-e1b1-4cd3-a9f7-24e4b59811a7?source=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2024-43804 – OS Command Injection via Port Scan Functionality in Roxy-WI
https://notcve.org/view.php?id=CVE-2024-43804
An OS Command Injection vulnerability allows any authenticated user on the application to execute arbitrary code on the web application server via port scanning functionality. • https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-qc52-vwwj-5585 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •