CVE-2024-40481
https://notcve.org/view.php?id=CVE-2024-40481
A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/view-enquiry.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the Contact Us page "message" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/PHPGurukul/Old%20Age%20Home%20Mgmt%20System%20v1.0/Stored%20XSS.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-40482
https://notcve.org/view.php?id=CVE-2024-40482
An unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/Unrestricted%20File%20Upload.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-6891 – Journyx Authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-6891
Attackers with a valid username and password can exploit a Python code injection vulnerability during the natural login flow. • https://korelogic.com/Resources/Advisories/KL-001-2024-008.txt • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVE-2024-43044 – jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE
https://notcve.org/view.php?id=CVE-2024-43044
The ClassLoaderProxy#fetchJar function may allow malicious agents or attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller's file system due to insufficient path restrictions, which could lead to Privilege Escalation and Remote Code Execution (RCE). • https://github.com/v9d0g/CVE-2024-43044-POC https://github.com/HwMex0/CVE-2024-43044 https://github.com/convisolabs/CVE-2024-43044-jenkins https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430 https://access.redhat.com/security/cve/CVE-2024-43044 https://bugzilla.redhat.com/show_bug.cgi?id=2303466 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-34623
https://notcve.org/view.php?id=CVE-2024-34623
Out-of-bounds write in applying connected information in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege. • https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=08 •