CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36072
https://notcve.org/view.php?id=CVE-2024-36072
27 Jun 2024 — Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server application which allows an unauthenticated remote attacker to send a malicious request, resulting in the ability to execute system commands with root privileges. • https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html • CWE-779: Logging of Excessive Data •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36073
https://notcve.org/view.php?id=CVE-2024-36073
27 Jun 2024 — Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the shadowing component of the Endpoint Protector and Unify agent which allows an attacker with administrative access to the Endpoint Protector or Unify server to overwrite sensitive configuration and subsequently execute system commands with SYSTEM/root privileges on a chosen client endpoint. • https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36075
https://notcve.org/view.php?id=CVE-2024-36075
27 Jun 2024 — The CoSoSys Endpoint Protector through 5.9.3 and Unify agent through 7.0.6 is susceptible to an arbitrary code execution vulnerability due to the way an archive obtained from the Endpoint Protector or Unify server is extracted on the endpoint. An attacker who is able to modify the archive on the server could obtain remote code execution as an administrator on an endpoint. • https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36074
https://notcve.org/view.php?id=CVE-2024-36074
27 Jun 2024 — Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the Endpoint Protector and Unify agent in the way that the EasyLock dependency is acquired from the server. An attacker with administrative access to the Endpoint Protector or Unify server can cause a client to acquire and execute a malicious file resulting in remote code execution. • https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1839
https://notcve.org/view.php?id=CVE-2024-1839
26 Jun 2024 — Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL injection, which may allow an unauthenticated remote attacker to execute malicious code, exfiltrate data, or manipulate the database. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-04 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26877
https://notcve.org/view.php?id=CVE-2023-26877
26 Jun 2024 — File upload vulnerability found in Softexpert Excellence Suite v.2.1 allows attackers to execute arbitrary code via a .php file upload to the form/efms_exec_html/file_upload_parser.php endpoint. • https://gist.github.com/rodnt/90ac26fdf891e602f6f090d6aebce32d • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6054 – Auto Featured Image <= 1.2 - Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6054
26 Jun 2024 — This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/auto-featured-image/tags/1.2/auto-featured-image.php#L167 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5762 – Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5762
26 Jun 2024 — Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Zen Cart. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Zen Cart. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the co... • https://docs.zen-cart.com/release/whatsnew_2.0.0 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5016 – WhatsUp Gold OnMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5016
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. ... This vulnerability allows remote attackers to execute arbitrary code on affect... • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5008 – WhatsUp Gold APM Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5008
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController. In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController. En las versiones de WhatsU... • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 • CWE-434: Unrestricted Upload of File with Dangerous Type •