CVE-2024-5577 – Where I Was, Where I Will Be <= 1.1.1 - Unauthenticated Remote File Inclusion
https://notcve.org/view.php?id=CVE-2024-5577
The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in versions <= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted on external servers, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution. • https://plugins.trac.wordpress.org/browser/where-i-was-where-i-will-be/trunk/system/include/include_user.php • https://www.wordfence.com/threat-intel/vulnerabilities/id/68e0f54d-08ec-4e41-ac9b-d72cdde5a724?source=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2024-37029 – Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-37029
Fuji Electric Tellus Lite V-Simulator is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14 • CWE-121: Stack-based Buffer Overflow
CVE-2024-37006 – Autodesk AutoCAD CATPRODUCT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-37006
This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-23149 – Autodesk AutoCAD SLDDRW File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23149
A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009 • CWE-125: Out-of-bounds Read
CVE-2024-38295
https://notcve.org/view.php?id=CVE-2024-38295
ALCASAR before 3.6.1 allows still_connected.php remote code execution. • https://adullact.net/frs/download.php/file/8930/CHANGELOG.md • https://alcasar.net/download