CVE-2023-26877
https://notcve.org/view.php?id=CVE-2023-26877
File upload vulnerability found in Softexpert Excellence Suite v.2.1 allows attackers to execute arbitrary code via a .php file upload to the form/efms_exec_html/file_upload_parser.php endpoint. • https://gist.github.com/rodnt/90ac26fdf891e602f6f090d6aebce32d • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-5016 – WhatsUp Gold OnMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5016
In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage for the server and NmDistributed.DistributedClient.OnMessage for clients. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 https://www.progress.com/network-monitoring • CWE-502: Deserialization of Untrusted Data •
CVE-2024-5008 – WhatsUp Gold APM Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5008
In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 https://www.progress.com/network-monitoring • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-4498 – Path Traversal and RFI Vulnerability in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-4498
A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. ... Successful exploitation enables an attacker to upload and execute malicious code on the victim's system, leading to Remote Code Execution (RCE). • https://huntr.com/bounties/9238e88a-a6ca-4915-9b5d-6cdb4148d3f4 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-4885 – WhatsUp Gold GetFileWithoutZip Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-4885
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability exists in Progress WhatsUp Gold. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://github.com/sinsinology/CVE-2024-4885 https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 https://www.progress.com/network-monitoring • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •