CVSS: 7.2 • EPSS: 0% • CPEs: - • EXPL: 0

TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1. • https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w https://typo3.org/help/security-advisories https://typo3.org/security/advisory/typo3-core-sa-2024-002 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: - • EXPL: 0

A reflected cross-site scripting (XSS) vulnerability exists in SuperCali version 1.1.0, allowing remote attackers to execute arbitrary JavaScript code via the email parameter in the bad_password.php page. • https://packetstormsecurity.com/files/177254/SuperCali-1.1.0-Cross-Site-Scripting.html • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0

An issue in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the message function. • https://research.hisolutions.com/2020/08/web-vulnerabilities-are-coming-to-the-desktop-again-rces-and-other-vulnerabilities-in-teamwire • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.2 • EPSS: 0% • CPEs: - • EXPL: 0

A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19 / 2.2.21. This vulnerability arises from inadequate sanitization of user-supplied input in the 'Code' section of the module. As a result, authenticated users with administrative privileges can inject and execute arbitrary PHP code. • https://github.com/capture0x/CMSMadeSimple https://packetstormsecurity.com/files/177241/CMS-Made-Simple-2.2.19-Remote-Code-Execution.html • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

A local low privileged attacker could potentially exploit this vulnerability, leading to arbitrary code execution and/or privilege escalation. • https://www.dell.com/support/kbdoc/en-us/000222536/dsa-2024-032-security-update-for-dell-digital-delivery-for-a-buffer-overflow-vulnerability • CWE-122: Heap-based Buffer Overflow