CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44744
https://notcve.org/view.php?id=CVE-2024-44744
01 Oct 2024 — An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers to execute arbitrary code via placing crafted binaries into unspecified directories. • https://googleprojectzero.blogspot.com/2016/02/the-definitive-guide-on-win32-to-nt.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46080
https://notcve.org/view.php?id=CVE-2024-46080
01 Oct 2024 — Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function. • https://blog.hawktesters.com/zero-day-alert-scriptcase-vulnerabilities-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46082
https://notcve.org/view.php?id=CVE-2024-46082
01 Oct 2024 — Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters. • https://blog.hawktesters.com/zero-day-alert-scriptcase-vulnerabilities-rce • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46084
https://notcve.org/view.php?id=CVE-2024-46084
01 Oct 2024 — Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function. • https://blog.hawktesters.com/zero-day-alert-scriptcase-vulnerabilities-rce • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7855 – WP Hotel Booking <= 2.1.2 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-7855
01 Oct 2024 — This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/wp-hotel-booking/trunk/includes/class-wphb-comments.php#L150 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7675 – Use After Free Vulnerability in Autodesk Desktop Software
https://notcve.org/view.php?id=CVE-2024-7675
30 Sep 2024 — A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0015 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7674 – Heap-based Buffer Overflow Vulnerability in Autodesk Desktop Software
https://notcve.org/view.php?id=CVE-2024-7674
30 Sep 2024 — A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0015 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7673 – Heap-based Buffer Overflow Vulnerability in Autodesk Desktop Software
https://notcve.org/view.php?id=CVE-2024-7673
30 Sep 2024 — A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0015 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7672 – Out-of-Bounds Write Vulnerability in Autodesk Desktop Software
https://notcve.org/view.php?id=CVE-2024-7672
30 Sep 2024 — A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0015 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7671 – Out-of-Bounds Write Vulnerability in Autodesk Desktop Software
https://notcve.org/view.php?id=CVE-2024-7671
30 Sep 2024 — A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0015 • CWE-787: Out-of-bounds Write •