CVE-2024-7542 – oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-7542
An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT+CMGR commands. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-1082 • CWE-457: Use of Uninitialized Variable
CVE-2024-7257 – YayExtra – WooCommerce Extra Product Options <= 1.3.7 - Unauthenticated Arbitrary File Upload via handle_upload_file Function
https://notcve.org/view.php?id=CVE-2024-7257
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/yayextra/tags/1.3.6/includes/Classes/ProductPage.php#L1413 https://plugins.trac.wordpress.org/browser/yayextra/tags/1.3.6/includes/Classes/ProductPage.php#L1452 https://plugins.trac.wordpress.org/changeset/3129731 https://wordpress.org/plugins/yayextra/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/753a4f7a-7bd4-43a4-b8fb-9e982239ba0e?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-41333 – Tourism Management System 2.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-41333
A reflected cross-site scripting (XSS) vulnerability in Phpgurukul Tourism Management System v2.0 allows attackers to execute arbitrary code in the context of a user's browser by injecting a crafted payload into the uname parameter. • https://packetstormsecurity.com/files/179891/Tourism-Management-System-2.0-Cross-Site-Scripting.html https://www.linkedin.com/in/sampath-kumar-kadajari-4b18891a7
CVE-2024-38876
https://notcve.org/view.php?id=CVE-2024-38876
The affected application regularly executes user-modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges. • https://cert-portal.siemens.com/productcert/html/ssa-857368.html • CWE-552: Files or Directories Accessible to External Parties
CVE-2024-36268 – Apache InLong TubeMQ Client: Remote Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-36268
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. • https://lists.apache.org/thread/1w1yp1bg5sjvn46dszkf00tz1vfs0frc • CWE-94: Improper Control of Generation of Code ('Code Injection')