CVE-2024-6298 – Remote code execution
https://notcve.org/view.php?id=CVE-2024-6298
ABB Cylon Aspect version 3.08.01 BMS/BAS controller suffers from a remote code execution vulnerability. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.39956449.23035250.1719878527-141379670.1701144964 • CWE-20: Improper Input Validation •
CVE-2024-39028
https://notcve.org/view.php?id=CVE-2024-39028
An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php. • https://github.com/pysnow1/vul_discovery/blob/main/SeaCMS/SeaCMS%20v12.9%20admin_ping.php%20RCE.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-27716
https://notcve.org/view.php?id=CVE-2024-27716
Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and before allows a remote attacker to execute arbitrary code via the message sending and user input fields. • https://blog.be-hacktive.com/eskooly-cve/cve-2024-27716-cross-site-scripting-xss-in-eskooly-web-product-less-than-v3.0 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2024-27709
https://notcve.org/view.php?id=CVE-2024-27709
SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute arbitrary code via the searchby parameter of the allstudents.php component and the id parameter of the requestmanager.php component. • https://blog.be-hacktive.com/eskooly-cve/cve-2024-27709-sql-injection-in-eskooly-web-product-v.3.0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-39753 – Trend Micro Apex One modOSCE SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-39753
A modOSCE SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. • https://success.trendmicro.com/en-US/solution/ka-0016669 https://www.zerodayinitiative.com/advisories/ZDI-24-897 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •