CVE-2024-7484 – CRM Perks Forms <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-7484
05 Aug 2024 — This makes it possible for authenticated attackers with administrator-level capabilities or above to upload arbitrary files on the affected site's server, which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/crm-perks-forms/trunk/includes/front-form.php?rev=3003885#L3271 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-7546 – oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7546
05 Aug 2024 — This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to execute code in the context of the service account. An attacker c... • https://www.zerodayinitiative.com/advisories/ZDI-24-1086 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-7544 – oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7544
05 Aug 2024 — This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to execute code in the context of the service account. An attacker c... • https://www.zerodayinitiative.com/advisories/ZDI-24-1084 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-7539 – oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-7539
05 Aug 2024 — This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to execute code in the context of root. An attacker can leverage thi... • https://www.zerodayinitiative.com/advisories/ZDI-24-1079 • CWE-121: Stack-based Buffer Overflow •
CVE-2024-7257 – YayExtra – WooCommerce Extra Product Options <= 1.3.7 - Unauthenticated Arbitrary File Upload via handle_upload_file Function
https://notcve.org/view.php?id=CVE-2024-7257
02 Aug 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/yayextra/tags/1.3.6/includes/Classes/ProductPage.php#L1413 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-38876 – Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download
https://notcve.org/view.php?id=CVE-2024-38876
02 Aug 2024 — The affected application regularly executes user modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges. • https://packetstorm.news/files/id/182667 • CWE-552: Files or Directories Accessible to External Parties •
CVE-2024-36268 – Apache InLong TubeMQ Client: Remote Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-36268
02 Aug 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. • https://lists.apache.org/thread/1w1yp1bg5sjvn46dszkf00tz1vfs0frc • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-39392 – Adobe Indesign 2024 EPS File Parsing Heap Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-39392
02 Aug 2024 — InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/indesign/apsb24-48.html • CWE-122: Heap-based Buffer Overflow •
CVE-2024-33896 – Ewon Cosy+ Command Injection
https://notcve.org/view.php?id=CVE-2024-33896
02 Aug 2024 — Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to code injection due to improper parameter blacklisting. ... The Ewon Cosy+ is a VPN gateway used for remote access and maintenance in industrial environments. Due to improper neutralization of parameters read from a user-controlled configuration file, an authenticated attacker is able to inject and execute OS commands on the device. • https://github.com/codeb0ss/CVE-2024-33896-PoC •
CVE-2024-41333 – Tourism Management System 2.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-41333
02 Aug 2024 — A reflected cross-site scripting (XSS) vulnerability in Phpgurukul Tourism Management System v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the uname parameter. • https://packetstorm.news/files/id/179891 •