CVE-2024-44677
https://notcve.org/view.php?id=CVE-2024-44677
eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component. • https://github.com/jcxj/jcxj/blob/master/source/_posts/eladmin-%E5%A4%8D%E7%8E%B0.md https://github.com/elunez/eladmin • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-43461 – Microsoft Windows MSHTML Platform Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2024-43461
Windows MSHTML Platform Spoofing Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43461 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVE-2024-44902
https://notcve.org/view.php?id=CVE-2024-44902
A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code. • https://github.com/fru1ts/CVE-2024-44902 http://thinkphp.com • CWE-502: Deserialization of Untrusted Data •
CVE-2024-24510
https://notcve.org/view.php?id=CVE-2024-24510
Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via the import function to the mail component. • https://book.hacktricks.xyz/pentesting-web/xs-search/css-injection https://github.com/Alinto/sogo/commit/21468700718ed71774eaf2979ee59330fc569424 •
CVE-2024-7770 – Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.5 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-7770
This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted upload permissions by an administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://www.wordfence.com/threat-intel/vulnerabilities/id/9cae7702-e531-45b9-9131-42edbc073a07?source=cve https://plugins.trac.wordpress.org/browser/file-manager/trunk/backend/app/Http/Controllers/FileManagerController.php#L26 https://plugins.trac.wordpress.org/browser/file-manager/trunk/libs/elFinder/php/elFinderConnector.class.php#L160 https://plugins.trac.wordpress.org/browser/file-manager/trunk/libs/elFinder/php/elFinder.class.php#L1210 https://plugins.trac.wordpress.org/browser/file-manager/trunk/libs/elFinder/p • CWE-434: Unrestricted Upload of File with Dangerous Type •