CVE-2024-42448
https://notcve.org/view.php?id=CVE-2024-42448
From the VSPC management agent machine, provided that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. • https://github.com/h3lye/CVE-2024-42448-RCE https://www.veeam.com/kb4679 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-10590 – Opt-In Downloads <= 4.07 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-10590
This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Due to the presence of an .htaccess file, this can only be exploited to achieve RCE on NGINX servers, unless another vulnerability is present. • https://codecanyon.net/item/subscribe-download/2687305 https://www.wordfence.com/threat-intel/vulnerabilities/id/5c3c20b8-12cf-4ce6-a1d4-99204df33fcd?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-11609 – AutomationDirect C-More EA9 EAP9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11609
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9.
CVE-2024-11610 – AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11610
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9.
CVE-2024-11611 – AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11611
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9.