CVE-2024-6811 – IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6811
IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... • https://www.zerodayinitiative.com/advisories/ZDI-24-903 • CWE-787: Out-of-bounds Write
CVE-2024-6812 – IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6812
IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... • https://www.zerodayinitiative.com/advisories/ZDI-24-904 • CWE-787: Out-of-bounds Write
CVE-2024-39173
https://notcve.org/view.php?id=CVE-2024-39173
calculator-boilerplate v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the eval function at /routes/calculator.js. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the input field. • http://kropov.com/calculator-boilerplate-cve.txt • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVE-2024-6813 – NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6813
NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. ... • https://www.zerodayinitiative.com/advisories/ZDI-24-902 https://kb.netgear.com/000066231/Security-Advisory-for-SQL-Injection-on-the-NMS300-PSV-2024-0018 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3242 – Brizy – Page Builder <= 2.4.44 - Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-3242
This makes it possible for authenticated attackers, with contributor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/brizy/trunk/editor/zip/archiver.php#L264 https://plugins.trac.wordpress.org/browser/brizy/trunk/editor/zip/archiver.php#L547 https://plugins.trac.wordpress.org/changeset/3086506/brizy/trunk/editor/zip/archiver.php https://plugins.trac.wordpress.org/changeset/3112878/brizy/trunk?contextall=1&old=3086506&old_path=%2Fbrizy%2Ftrunk https://www.wordfence.com/threat-intel/vulnerabilities/id/a414de0a-ae44-4955-bd25-ec6ad7860835?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type