CVE-2024-41111 – BishopFox Sliver Authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-41111
Sliver version 1.6.0 (prerelease) is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user. ... La versión 1.6.0 (prelanzamiento) de Sliver es vulnerable a RCE en el servidor de equipos por parte de un usuario "operador" con pocos privilegios. El RCE actúa como usuario raíz del sistema. • https://github.com/BishopFox/sliver/commit/5016fb8d7cdff38c79e22e8293e58300f8d3bd57 https://github.com/BishopFox/sliver/issues/65 https://github.com/BishopFox/sliver/pull/1281 https://github.com/BishopFox/sliver/security/advisories/GHSA-hc5w-gxxr-w8x8 https://sliver.sh/docs?name=Multi-player+Mode • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2024-40629 – Arbitrary File Write in Ansible Playbooks leads to RCE in Jumpserver
https://notcve.org/view.php?id=CVE-2024-40629
An attacker can exploit the Ansible playbook to write arbitrary files, leading to remote code execution (RCE) in the Celery container. ... Un atacante puede aprovechar el manual de Ansible para escribir archivos arbitrarios, lo que lleva a la ejecución remota de código (RCE) en el contenedor Celery. • https://github.com/jumpserver/jumpserver/security/advisories/GHSA-3wgp-q8m7-v33v • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-39907 – a sqlinjection in 1Panel
https://notcve.org/view.php?id=CVE-2024-39907
Hay muchas inyecciones de SQL en el proyecto y algunas de ellas no están bien filtradas, lo que provoca escrituras de archivos arbitrarias y, en última instancia, conduce a RCE. • https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-29178 – Apache StreamPark: FreeMarker SSTI RCE Vulnerability
https://notcve.org/view.php?id=CVE-2024-29178
On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4 En versiones anteriores a la 2.1.4, un usuario podía iniciar sesión y realizar un ataque de inyección de plantilla que generaba una ejecución remota de código en el servidor. • http://www.openwall.com/lists/oss-security/2024/07/18/1 https://lists.apache.org/thread/n6dhnl68knpxy80t35qxkkw2691l8sfn • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-6814 – NETGEAR ProSAFE Network Management System getFilterString SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6814
NETGEAR ProSAFE Network Management System getFilterString SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. • https://www.zerodayinitiative.com/advisories/ZDI-24-901 https://kb.netgear.com/000066232/Security-Advisory-for-SQL-Injection-on-the-NMS300-PSV-2024-0019 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •