
CVSS: 8.8 | EPSS: 0% | CPEs: - | EXPL: 0

NETGEAR ProSAFE Network Management System getFilterString SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. ... • https://www.zerodayinitiative.com/advisories/ZDI-24-901 https://kb.netgear.com/000066232/Security-Advisory-for-SQL-Injection-on-the-NMS300-PSV-2024-0019 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

This makes it possible for authenticated attackers, with contributor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/brizy/trunk/editor/zip/archiver.php#L264 https://plugins.trac.wordpress.org/browser/brizy/trunk/editor/zip/archiver.php#L547 https://plugins.trac.wordpress.org/changeset/3086506/brizy/trunk/editor/zip/archiver.php https://plugins.trac.wordpress.org/changeset/3112878/brizy/trunk?contextall=1&old=3086506&old_path=%2Fbrizy%2Ftrunk https://www.wordfence.com/threat-intel/vulnerabilities/id/a414de0a-ae44-4955-bd25-ec6ad7860835?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8 | EPSS: 0% | CPEs: - | EXPL: 0

SQL injection vulnerability in Hospital Management System Project in ASP.Net MVC 1 allows a remote attacker to execute arbitrary code via the btn_login_b_Click function of Loginpage.aspx. Hospital Management System Project in ASP.Net MVC version 1 suffers from a remote SQL injection vulnerability that allows for authentication bypass. • https://itsourcecode.com/author/angeljudesuarez https://itsourcecode.com/free-projects/asp/hospital-management-system-project-in-asp-net-mvc-with-source-code https://packetstormsecurity.com/files/179583/Hospital-Management-System-Project-In-ASP.Net-MVC-1-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5 | EPSS: 0% | CPEs: - | EXPL: 0

A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. ... A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the device. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-7pqFU2e • CWE-130: Improper Handling of Length Parameter Inconsistency •

CVSS: 9.8 | EPSS: 0% | CPEs: - | EXPL: 0

The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device. Note: Manual intervention is required to recover from the DoS condition. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH • CWE-36: Absolute Path Traversal •