CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-40502 – Hospital Management System Project In ASP.Net MVC 1 SQL Injection
https://notcve.org/view.php?id=CVE-2024-40502
SQL injection vulnerability in Hospital Management System Project in ASP.Net MVC 1 allows aremote attacker to execute arbitrary code via the btn_login_b_Click function of the Loginpage.aspx Vulnerabilidad de inyección SQL en Hospital Management System Project in ASP.Net MVC 1 permite a un atacante remoto ejecutar código arbitrario a través de la función btn_login_b_Click de Loginpage.aspx Hospital Management System Project in ASP.Net MVC version 1 suffers from a remote SQL injection vulnerability that allows for authentication bypass. • https://itsourcecode.com/author/angeljudesuarez https://itsourcecode.com/free-projects/asp/hospital-management-system-project-in-asp-net-mvc-with-source-code https://packetstormsecurity.com/files/179583/Hospital-Management-System-Project-In-ASP.Net-MVC-1-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-20416
https://notcve.org/view.php?id=CVE-2024-20416
A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. ... A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the device. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-7pqFU2e • CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-20401
https://notcve.org/view.php?id=CVE-2024-20401
The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device. Note: Manual intervention is required to recover from the DoS condition. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH • CWE-36: Absolute Path Traversal •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-23471 – SolarWinds Access Rights Manager (ARM) CreateFile Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23471
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-23470 – SolarWinds Access Rights Manager (ARM) UserScriptHumster Exposed Dangerous Method Remote Command Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23470
The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote code execution vulnerability. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm • CWE-287: Improper Authentication •