CVE-2024-51180
https://notcve.org/view.php?id=CVE-2024-51180
A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/index.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via the "searchifsccode" parameter. • https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/IFSC%20Code%20Finder/IFSC%20Code%20Finder%20do.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-51181
https://notcve.org/view.php?id=CVE-2024-51181
A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/admin/profile.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via " searchifsccode" parameter. • https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/IFSC%20Code%20Finder/IFSC%20Code%20Finder%20Admin.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-51567 – CyberPanel Incorrect Default Permissions Vulnerability
https://notcve.org/view.php?id=CVE-2024-51567
upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. ... CyberPanel contains an incorrect default permissions vulnerability that allows a remote, unauthenticated attacker to execute commands as root. • https://github.com/thehash007/CVE-2024-51567-RCE-EXPLOIT https://github.com/ajayalf/CVE-2024-51567 https://cwe.mitre.org/data/definitions/420.html https://cwe.mitre.org/data/definitions/78.html https://cyberpanel.net/KnowledgeBase/home/change-logs https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce https://github.com/usmannasir/cyberpa • CWE-276: Incorrect Default Permissions •
CVE-2024-44236 – Apple macOS ICC Profile Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-44236
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://support.apple.com/en-us/121568 https://support.apple.com/en-us/121570 • CWE-787: Out-of-bounds Write •
CVE-2024-44284 – Apple macOS ICC Profile Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-44284
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://support.apple.com/en-us/121568 https://support.apple.com/en-us/121570 • CWE-787: Out-of-bounds Write •