CVE-2024-37679
https://notcve.org/view.php?id=CVE-2024-37679
Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp parameter. • https://github.com/dabaizhizhu/123/issues/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-5630 – Insert or Embed Articulate Content into WordPress < 4.3000000024 - Author+ Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-5630
This makes it possible for unauthenticated attackers to upload zip files containing phar files on the affected site's server which may make remote code execution possible. • https://wpscan.com/vulnerability/538c875f-4c20-4be0-8098-5bddb7aecff4 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-37680
https://notcve.org/view.php?id=CVE-2024-37680
FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. • https://github.com/dabaizhizhu/123/issues/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-37678
https://notcve.org/view.php?id=CVE-2024-37678
Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script. • https://github.com/dabaizhizhu/123/issues/3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-33278
https://notcve.org/view.php?id=CVE-2024-33278
Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware versions v3.0.0.4.388_24198 allows a remote attacker to execute arbitrary code via the connection_state_machine due to improper length validation for the cookie field. • https://gist.github.com/viktoredstrom/cd2580fb0e93e47133b2998553b0a52f https://www.asus.com/content/asus-product-security-advisory • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •