CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3904
https://notcve.org/view.php?id=CVE-2024-3904
04 Jul 2024 — Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on MELIPC Series MI5122-VW firmware versions "05" to "07" allows a local attacker to execute arbitrary code by saving a malicious file to a specific folder. • https://jvn.jp/vu/JVNVU91215350/index.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39884 – Apache HTTP Server: source code disclosure with handlers configured via AddType
https://notcve.org/view.php?id=CVE-2024-39884
04 Jul 2024 — "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. ... A remote attacker could possibly use this issue to bypass authentication. ... A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. ... A remote attacker could possibly use this issue to obtain sensitive information, execute
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37501 – WordPress Advanced Classifieds & Directory Pro plugin <= 3.1.3 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-37501
04 Jul 2024 — This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/advanced-classifieds-and-directory-pro/wordpress-advanced-classifieds-directory-pro-plugin-3-1-3-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37499 – WordPress Online Booking & Scheduling Calendar for WordPress plugin <= 4.4.2 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-37499
04 Jul 2024 — This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/meeting-scheduler-by-vcita/wordpress-online-booking-scheduling-calendar-for-wordpress-plugin-4-4-2-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.0EPSS: 0%CPEs: -EXPL: 1CVE-2024-28038 – Sharp Multi-Function Printer 18 Vulnerabilities
https://notcve.org/view.php?id=CVE-2024-28038
04 Jul 2024 — En cuanto a los detalles de los nombres de los productos afectados, los números de modelo y las versiones, consulte la información proporcionada por los respectivos proveedores que se enumeran en [Referencias]. 308 different models of Sharp Multi-Function Printers (MFP) are vulnerable to 18 different vulnerabilities including remote code execution, local file inclusion, credential disclosure, and more. • https://packetstorm.news/files/id/179363 • CWE-121: Stack-based Buffer Overflow •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2024-33616 – Sharp Multi-Function Printer 18 Vulnerabilities
https://notcve.org/view.php?id=CVE-2024-33616
04 Jul 2024 — En cuanto a los detalles de los nombres de los productos afectados, los números de modelo y las versiones, consulte la información proporcionada por los respectivos proveedores que se enumeran en [Referencias]. 308 different models of Sharp Multi-Function Printers (MFP) are vulnerable to 18 different vulnerabilities including remote code execution, local file inclusion, credential disclosure, and more. • https://packetstorm.news/files/id/179363 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37418 – WordPress Church Admin plugin <= 4.4.6 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-37418
04 Jul 2024 — This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-4-6-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.9EPSS: 0%CPEs: -EXPL: 1CVE-2024-29146 – Sharp Multi-Function Printer 18 Vulnerabilities
https://notcve.org/view.php?id=CVE-2024-29146
04 Jul 2024 — En cuanto a los detalles de los nombres de los productos afectados, los números de modelo y las versiones, consulte la información proporcionada por los respectivos proveedores que se enumeran en [Referencias]. 308 different models of Sharp Multi-Function Printers (MFP) are vulnerable to 18 different vulnerabilities including remote code execution, local file inclusion, credential disclosure, and more. • https://packetstorm.news/files/id/179363 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39165
https://notcve.org/view.php?id=CVE-2024-39165
04 Jul 2024 — QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. • https://www.synacktiv.com/advisories/jpgraph-professional-version-pre-authenticated-remote-code-execution • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2024-34162 – Sharp Multi-Function Printer 18 Vulnerabilities
https://notcve.org/view.php?id=CVE-2024-34162
04 Jul 2024 — En cuanto a los detalles de los nombres de los productos afectados, los números de modelo y las versiones, consulte la información proporcionada por los respectivos proveedores que se enumeran en [Referencias]. 308 different models of Sharp Multi-Function Printers (MFP) are vulnerable to 18 different vulnerabilities including remote code execution, local file inclusion, credential disclosure, and more. • https://packetstorm.news/files/id/179363 • CWE-767: Access to Critical Private Variable via Public Method •