CVE-2024-33335
https://notcve.org/view.php?id=CVE-2024-33335
SQL Injection vulnerability in H3C technology company SeaSQL DWS V2.0 allows a remote attacker to execute arbitrary code via a crafted file. • https://gist.github.com/vrhappy/08cb4c8721eed8a74fe786ecdff1ec1e https://www.h3c.com/cn https://www.h3c.com/cn/Service/Online_Help/psirt • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-37089 – WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Unauthenticated Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-37089
This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/consulting-elementor-widgets/wordpress-consulting-elementor-widgets-plugin-1-3-0-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2024-6141 – Windscribe Directory Traversal Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-6141
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windscribe Service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windscribe Service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://github.com/Windscribe/Desktop-App/blob/90a5cc3c1f50f6545f83969c2ace6b4ac2c91c4e/client/common/changelog.txt#L23 https://www.zerodayinitiative.com/advisories/ZDI-24-820 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-5929 – VIPRE Advanced Security PMAgent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-5929
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Patch Management Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Patch Management Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.vipre.com/en_US/home-windows-release-notes/home-windows-release-notes-20240227 https://www.zerodayinitiative.com/advisories/ZDI-24-818 • CWE-427: Uncontrolled Search Path Element •
CVE-2024-28397
https://notcve.org/view.php?id=CVE-2024-28397
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call. • https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape https://github.com/CYBER-WARRIOR-SEC/CVE-2024-28397-js2py-Sandbox-Escape https://github.com/Marven11 • CWE-94: Improper Control of Generation of Code ('Code Injection') •