CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37149 – GLPI allows remote code execution through the plugin loader
https://notcve.org/view.php?id=CVE-2024-37149
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16. GLPI es un paquete de software de gestión de TI y activos de código abierto que proporciona funciones de ITIL Service Desk, seguimiento de licencias y auditoría de software. Un usuario técnico autenticado puede cargar un script PHP malicioso y secuestrar el cargador de complementos para ejecutar este script malicioso. • https://github.com/glpi-project/glpi/security/advisories/GHSA-cwvp-j887-m4xh • CWE-73: External Control of File Name or Path •
CVSS: 9.8EPSS: 96%CPEs: -EXPL: 1CVE-2024-5217 – ServiceNow Incomplete List of Disallowed Inputs Vulnerability
https://notcve.org/view.php?id=CVE-2024-5217
This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ... An unauthenticated user could exploit this vulnerability to execute code remotely. • https://github.com/NoTsPepino/CVE-2024-4879-CVE-2024-5217-ServiceNow-RCE-Scanning https://support.servicenow.com/kb?... id=kb_article_view&sysparm_article=KB1648313 https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit • CWE-184: Incomplete List of Disallowed Inputs •
CVSS: 9.8EPSS: 96%CPEs: -EXPL: 10CVE-2024-4879 – ServiceNow Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2024-4879
This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ... An unauthenticated user could exploit this vulnerability to execute code remotely. • https://github.com/Praison001/CVE-2024-4879-ServiceNow https://github.com/Brut-Security/CVE-2024-4879 https://github.com/bigb0x/CVE-2024-4879 https://github.com/Mr-r00t11/CVE-2024-4879 https://github.com/NoTsPepino/CVE-2024-4879-CVE-2024-5217-ServiceNow-RCE-Scanning https://github.com/ShadowByte1/CVE-2024-4879 https://github.com/zgimszhd61/CVE-2024-4879 https://github.com/jdusane/CVE-2024-4879 https://github.com/fa-rrel/CVE-2024-4879 https://github.com/ • CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 1CVE-2024-37770
https://notcve.org/view.php?id=CVE-2024-37770
14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. ... Se descubrió que 14Finger v1.1 contenía una vulnerabilidad de ejecución remota de comandos (RCE) en la función de huellas dactilares. • https://github.com/k3ppf0r/CVE-2024-37770 https://github.com/b1ackc4t/14Finger/issues/13 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-35154 – IBM WebSphere Application Server code execution
https://notcve.org/view.php?id=CVE-2024-35154
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. • https://exchange.xforce.ibmcloud.com/vulnerabilities/292641 https://www.ibm.com/support/pages/node/7159825 • CWE-250: Execution with Unnecessary Privileges •