
CVSS: 7.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of the user's choice. An attacker can therefore control the behaviour of the system by executing malicious code which can potentially escalate privileges with low impact on confidentiality, integrity and availability of the system. • https://me.sap.com/notes/3421659 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.1 • EPSS: 0% • CPEs: 10 • EXPL: 0

In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can read or modify any user/business data and can make the entire system unavailable. • https://me.sap.com/notes/3420923 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.1 • EPSS: 0% • CPEs: - • EXPL: 0

Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the Modern UI. • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P38 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/audition/apsb24-11.html • CWE-122: Heap-based Buffer Overflow •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 13

Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection. This issue affects Bricks Builder: from n/a through 1.9.6. • https://github.com/K3ysTr0K3R/CVE-2024-25600-EXPLOIT https://github.com/gobysec/GobyVuls https://github.com/gobysec/Goby https://github.com/hy011121/CVE-2024-25600-wordpress-Exploit-RCE https://github.com/ivanbg2004/0BL1V10N-CVE-2024-25600-Bricks-Builder-plugin-for-WordPress https://github.com/Tornad0007/CVE-2024-25600-Bricks-Builder-plugin-for-WordPress https://github.com/X-Projetion/WORDPRESS-CVE-2024-25600-EXPLOIT-RCE https://github.com/Chocapikk/CVE-2024-25600 https://github.com/wh6amiGit • CWE-94: Improper Control of Generation of Code ('Code Injection') •