CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45169
https://notcve.org/view.php?id=CVE-2024-45169
22 Aug 2024 — Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution via the \xB0\x00\x3c byte sequence. • http://download.uci.de/idol2/idol2Client_2_12.exe • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42770
https://notcve.org/view.php?id=CVE-2024-42770
22 Aug 2024 — A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "user_email" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Stored%20XSS%20-%20Sign%20UP.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45167
https://notcve.org/view.php?id=CVE-2024-45167
22 Aug 2024 — Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution. • http://download.uci.de/idol2/idol2Client_2_12.exe • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42767
https://notcve.org/view.php?id=CVE-2024-42767
22 Aug 2024 — Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php. • https://cwe.mitre.org/data/definitions/434.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30372 – Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30372
22 Aug 2024 — Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. ... An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. An attacker can leverage this... • https://alltena.com/en/resources/release-notes/relnotes-7-5-2 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7987 – Rockwell Automation ThinManager® ThinServer™ Information Disclosure and Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2024-7987
22 Aug 2024 — A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. ... An attacker must first obtain the ability to execute low-privileged code<... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1692.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5581 – Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5581
22 Aug 2024 — Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. ... An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. An attacker can leverage this vulnerabilit... • https://alltena.com/en/resources/release-notes/relnotes-7-5-2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42762
https://notcve.org/view.php?id=CVE-2024-42762
22 Aug 2024 — A Stored Cross Site Scripting (XSS) vulnerability was found in "/history.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the Name, Phone, and Email parameter fields. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Bus%20Ticket%20Reservation%20System%20v1.0/Stored%20XSS%20-%20Customer%20Booking%20List.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45166
https://notcve.org/view.php?id=CVE-2024-45166
22 Aug 2024 — Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution. • http://download.uci.de/idol2/idol2Client_2_12.exe • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42769
https://notcve.org/view.php?id=CVE-2024-42769
22 Aug 2024 — A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php " of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "user_fname" and "user_lname" parameters. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Reflected%20XSS%20-%20Sign%20UP.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •