CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42767
https://notcve.org/view.php?id=CVE-2024-42767
22 Aug 2024 — Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php. • https://cwe.mitre.org/data/definitions/434.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30372 – Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30372
22 Aug 2024 — Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. ... An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. An attacker can levera... • https://alltena.com/en/resources/release-notes/relnotes-7-5-2 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7987 – Rockwell Automation ThinManager® ThinServer™ Information Disclosure and Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2024-7987
22 Aug 2024 — A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. ... An attacker must first obtain the ability to execute low-privileged <... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1692.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5581 – Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5581
22 Aug 2024 — Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. ... An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. An attacker can leverage this vulne... • https://alltena.com/en/resources/release-notes/relnotes-7-5-2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42762
https://notcve.org/view.php?id=CVE-2024-42762
22 Aug 2024 — A Stored Cross Site Scripting (XSS) vulnerability was found in "/history.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the Name, Phone, and Email parameter fields. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Bus%20Ticket%20Reservation%20System%20v1.0/Stored%20XSS%20-%20Customer%20Booking%20List.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45166
https://notcve.org/view.php?id=CVE-2024-45166
22 Aug 2024 — Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution. • http://download.uci.de/idol2/idol2Client_2_12.exe • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42769
https://notcve.org/view.php?id=CVE-2024-42769
22 Aug 2024 — A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php " of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "user_fname" and "user_lname" parameters. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Reflected%20XSS%20-%20Sign%20UP.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5580 – Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5580
22 Aug 2024 — Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. ... An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. An attacker can ... • https://alltena.com/en/resources/release-notes/relnotes-7-5-2 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42599
https://notcve.org/view.php?id=CVE-2024-42599
22 Aug 2024 — SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. • https://gitee.com/fushuling/cve/blob/master/CVE-2024-42599.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42761
https://notcve.org/view.php?id=CVE-2024-42761
22 Aug 2024 — A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin_schedule.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via scheduleDurationPHP parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Bus%20Ticket%20Reservation%20System%20v1.0/Stored%20XSS%20-%20Bus%20Schedule%20List.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •