CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45166
https://notcve.org/view.php?id=CVE-2024-45166
Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution. • http://download.uci.de/idol2/idol2Client_2_12.exe https://uci.de/download/idol2-client.html https://uci.de/products/index.html https://www.syss.de/en/responsible-disclosure-policy https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-050.txt • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-5579 – Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5579
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. ... An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. •
CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42771
https://notcve.org/view.php?id=CVE-2024-42771
A Stored Cross Site Scripting (XSS) vulnerability was found in " /admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "room_name" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Stored%20XSS%20-%20Edit%20Room.pdf https://www.kashipara.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45167
https://notcve.org/view.php?id=CVE-2024-45167
Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution. • http://download.uci.de/idol2/idol2Client_2_12.exe https://uci.de/download/idol2-client.html https://uci.de/products/index.html https://www.syss.de/en/responsible-disclosure-policy https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-050.txt https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-051.txt • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-42761
https://notcve.org/view.php?id=CVE-2024-42761
A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin_schedule.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via scheduleDurationPHP parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Bus%20Ticket%20Reservation%20System%20v1.0/Stored%20XSS%20-%20Bus%20Schedule%20List.pdf https://www.kashipara.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •