CVE-2024-37410 – WordPress PowerPack Lite for Beaver Builder plugin <= 1.3.0.3 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-37410
This makes it possible for authenticated attackers, with Editor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
• https://patchstack.com/database/vulnerability/powerpack-addon-for-beaver-builder/wordpress-powerpack-lite-for-beaver-builder-plugin-1-3-0-3-local-file-inclusion-vulnerability?_s_id=cve
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
• CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2024-27629
https://notcve.org/view.php?id=CVE-2024-27629
An issue in dcm2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code because the generated file name is not properly escaped before it is injected into a system call when certain types of compression are used.
• https://github.com/rordenlab/dcm2niix/pull/789
• CWE-116: Improper Encoding or Escaping of Output
CVE-2024-39704
https://notcve.org/view.php?id=CVE-2024-39704
Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows a remote attacker to execute arbitrary code on a client's machine via a crafted packet on TCP port 46318.
• https://github.com/MikeIsAStar/Melty-Blood-Actress-Again-Current-Code-Remote-Code-Execution
• https://pastebin.com/agpnQmhu
CVE-2024-37420 – WordPress Zita Elementor Site Library plugin <= 1.6.1 - Arbitrary Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-37420
This makes it possible for authenticated attackers, with subscriber-level access and above, to upload malicious files that can be used for remote code execution.
• https://patchstack.com/database/vulnerability/zita-site-library/wordpress-zita-elementor-site-library-plugin-1-6-1-arbitrary-code-execution-vulnerability?
• CWE-434: Unrestricted Upload of File with Dangerous Type
• CWE-862: Missing Authorization
CVE-2024-27628
https://notcve.org/view.php?id=CVE-2024-27628
Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component.
• https://github.com/DCMTK/dcmtk/commit/ec52e99e1e33fc39810560421c0833b02da567b3
• https://support.dcmtk.org/redmine/issues/1108
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')