CVE-2024-35304 – System command injection through Netflow function
https://notcve.org/view.php?id=CVE-2024-35304
System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. This issue affects Pandora FMS: from 700 through <777. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-1745 – KMPlayer SHFOLDER.dll uncontrolled search path
https://notcve.org/view.php?id=CVE-2023-1745
A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. This issue affects some unknown processing in the library SHFOLDER.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1bdYaDmtWhnjaHkzv3bZ4PUSMzDJ8JjSV/view https://github.com/10cksYiqiyinHangzhouTechnology/KMPlayer_Poc https://vuldb.com/?ctiid.224633 https://vuldb.com/?id.224633 https://youtu.be/7bh2BQOqxFo • CWE-427: Uncontrolled Search Path Element
CVE-2018-5200 – KMPlayer Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2018-5200
KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted FLV format file. The problem is that more frame data is copied to heap memory than the size specified in the frame header. This results in memory corruption and remote code execution. • https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30113 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-13144
https://notcve.org/view.php?id=CVE-2018-13144
The transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party. • https://github.com/safecomet/EtherTokens/blob/master/Pandora%20%28PDX%29/Pandora%20%28PDX%29.md https://github.com/soohoio/VeriSmartBench/wiki/CVE-False-Reported-Case • CWE-190: Integer Overflow or Wraparound
CVE-2017-16127
https://notcve.org/view.php?id=CVE-2017-16127
The module pandora-doomsday infects other modules. It's since been unpublished from the registry. • https://nodesecurity.io/advisories/482 • CWE-276: Incorrect Default Permissions • CWE-509: Replicating Malicious Code (Virus or Worm)