CVE-2024-52052 – Stream Target Remote Code Execution in Wowza Streaming Engine
https://notcve.org/view.php?id=CVE-2024-52052
Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code execution. • https://www.rapid7.com/blog/post/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed https://www.wowza.com/docs/wowza-streaming-engine-4-9-1-release-notes • CWE-646: Reliance on File Name or Extension of Externally-Supplied File •
CVE-2024-52799 – Argo Workflows Chart: Excessive Privileges in Workflow Role
https://notcve.org/view.php?id=CVE-2024-52799
Prior to 0.44.0, the workflow-role has excessive privileges, the worst being create pods/exec, which will allow kubectl exec into any Pod in the same namespace, i.e. arbitrary code execution within those Pods. • https://github.com/argoproj/argo-helm/security/advisories/GHSA-fgrf-2886-4q7m https://github.com/argoproj/argo-helm/commit/81dc44c4a5ccd42c799469a78eb96a68048a4987 • CWE-250: Execution with Unnecessary Privileges CWE-1220: Insufficient Granularity of Access Control •
CVE-2024-11587 – idcCMS classProvCity.php GetCityOptionJs cross site scripting
https://notcve.org/view.php?id=CVE-2024-11587
A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiate the attack remotely. • https://vuldb.com/?id.285657 https://vuldb.com/?ctiid.285657 https://vuldb.com/?submit.442071 https://github.com/Hebing123/cve/issues/75 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-11493 – 115cms pageAE.html cross site scripting
https://notcve.org/view.php?id=CVE-2024-11493
A vulnerability classified as problematic was found in 115cms up to 20240807. This vulnerability affects unknown code of the file /index.php/setpage/admin/pageAE.html. The manipulation of the argument tid leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Hebing123/cve/issues/70 https://vuldb.com/?ctiid.285508 https://vuldb.com/?id.285508 https://vuldb.com/?submit.442037 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-11492 – 115cms appurladd.html cross site scripting
https://notcve.org/view.php?id=CVE-2024-11492
A vulnerability classified as problematic has been found in 115cms up to 20240807. This affects an unknown part of the file /index.php/admin/web/appurladd.html. The manipulation of the argument tid leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Hebing123/cve/issues/70 https://vuldb.com/?ctiid.285507 https://vuldb.com/?id.285507 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •