CVE-2024-6822 – IrfanView CIN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6822
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVE-2024-6815 – IrfanView RLE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6815
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVE-2024-24622 – Softaculous Webuzo Password Reset Command Injection
https://notcve.org/view.php?id=CVE-2024-24622
A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system. • https://blog.exodusintel.com/2024/07/24/softaculous-webuzo-password-reset-command-injection • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-24623 – Softaculous Webuzo FTP Management Command Injection
https://notcve.org/view.php?id=CVE-2024-24623
A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system. • https://blog.exodusintel.com/2024/07/25/softaculous-webuzo-ftp-management-command-injection • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-37084 – CVE-2024-37084: Remote code execution in Spring Cloud Data Flow
https://notcve.org/view.php?id=CVE-2024-37084
In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server • https://github.com/Kayiyan/CVE-2024-37084-Poc https://github.com/vuhz/CVE-2024-37084 https://github.com/Ly4j/CVE-2024-37084-Exp https://github.com/A0be/CVE-2024-37084-Exp https://spring.io/security/cve-2024-37084 • CWE-94: Improper Control of Generation of Code ('Code Injection') •