CVE-2024-11490 – 115cms set.html cross site scripting
https://notcve.org/view.php?id=CVE-2024-11490
A vulnerability was found in 115cms up to 20240807. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php/admin/web/set.html. The manipulation of the argument type leads to cross site scripting. The attack can be launched remotely. • https://github.com/Hebing123/cve/issues/70 https://vuldb.com/?ctiid.285505 https://vuldb.com/?id.285505 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-11489 – 115cms file.html cross site scripting
https://notcve.org/view.php?id=CVE-2024-11489
A vulnerability was found in 115cms up to 20240807. It has been classified as problematic. Affected is an unknown function of the file /index.php/admin/web/file.html. The manipulation of the argument ks leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/Hebing123/cve/issues/70 https://vuldb.com/?ctiid.285504 https://vuldb.com/?id.285504 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-11488 – 115cms web_user.html cross site scripting
https://notcve.org/view.php?id=CVE-2024-11488
A vulnerability was found in 115cms up to 20240807 and classified as problematic. This issue affects some unknown processing of the file /app/admin/view/web_user.html. The manipulation of the argument ks leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Hebing123/cve/issues/70 https://vuldb.com/?ctiid.285503 https://vuldb.com/?id.285503 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-10094
https://notcve.org/view.php?id=CVE-2024-10094
Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code Las versiones 6.x a Infinity 24.1.1 de Pega Platform se ven afectadas por un problema con el control inadecuado de la generación de código • https://support.pega.com/support-doc/pega-security-advisory-d24-vulnerability-remediation-note • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-11495 – Buffer overflow in OllyDbg
https://notcve.org/view.php?id=CVE-2024-11495
Buffer overflow vulnerability in OllyDbg, version 1.10, which could allow a local attacker to execute arbitrary code due to lack of proper bounds checking. • https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-ollydbg • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •