CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7720 – HP Security Manager - Potential Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-7720
HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries. • https://support.hp.com/us-en/document/ish_11074404-11074432-16 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6312 – Funnelforms Free <= 3.7.3.2 - Authenticated (Administrator+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-6312
The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 3.7.3.2 via the 'af2DeleteFontFile' function. ... This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. • https://www.wordfence.com/threat-intel/vulnerabilities/id/3e815531-f966-44a1-a037-8077a40c83b0?source=cve https://plugins.trac.wordpress.org/browser/funnelforms-free/tags/3.7.3.2/admin/menu_ajax_functions/formularbuilder_fonts.php#L59 https://plugins.trac.wordpress.org/browser/funnelforms-free/tags/3.7.4.1/admin/menu_ajax_functions/formularbuilder_fonts.php?rev=3141470#L17 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-44342
https://notcve.org/view.php?id=CVE-2024-44342
D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter. • http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-846W https://github.com/yali-1002/some-poc/blob/main/CVE-2024-44342 https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6311 – Funnelforms Free <= 3.7.3.2 - Authenticated (Administrator+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6311
The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'af2_add_font' function in all versions up to, and including, 3.7.3.2. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://www.wordfence.com/threat-intel/vulnerabilities/id/cbd42fc4-ab4a-4053-b765-18272eacd2bc?source=cve https://plugins.trac.wordpress.org/browser/funnelforms-free/tags/3.7.3.2/admin/menu_ajax_functions/formularbuilder_fonts.php#L47 https://plugins.trac.wordpress.org/browser/funnelforms-free/tags/3.7.4.1/admin/menu_ajax_functions/formularbuilder_fonts.php?rev=3141470#L50 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-42851
https://notcve.org/view.php?id=CVE-2024-42851
Buffer Overflow vulnerability in open source exiftags v.1.01 allows a local attacker to execute arbitrary code via the paresetag function. • https://github.com/T1anyang/fuzzing/blob/main/exiftags/crash.md https://github.com/T1anyang/fuzzing/tree/main/exiftags • CWE-122: Heap-based Buffer Overflow •