CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-32501 – Centreon updateServiceHost_MC SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-32501
A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. ... An attacker can leverage this vulnerability to execute code in the context of the apache user. • https://centreon.com https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2023-39179 – Linux Kernel ksmbd Read Request Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-39179
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. •
CVSS: 9.8EPSS: 96%CPEs: 5EXPL: 52CVE-2024-4577 – PHP-CGI OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-4577
.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. ... PHP versions prior to 8.3.8 suffer from a remote code execution vulnerability. PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. • https://github.com/K3ysTr0K3R/CVE-2024-4577-EXPLOIT https://github.com/manuelinfosec/CVE-2024-4577 https://github.com/zomasec/CVE-2024-4577 https://github.com/cybersagor/CVE-2024-4577 https://github.com/l0n3m4n/CVE-2024-4577-RCE https://github.com/bughuntar/CVE-2024-4577 https://github.com/watchtowrlabs/CVE-2024-4577 https://github.com/xcanwin/CVE-2024-4577-PHP-RCE https://github.com/TAM-K592/CVE-2024-4577 https://github.com/Chocapikk/CVE-202 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2023-45188 – IBM Engineering Lifecycle Optimization Publishing file upload
https://notcve.org/view.php?id=CVE-2023-45188
IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. • https://exchange.xforce.ibmcloud.com/vulnerabilities/268751 https://www.ibm.com/support/pages/node/7156757 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 2CVE-2024-37569
https://notcve.org/view.php?id=CVE-2024-37569
Attackers can achieve remote code execution in the root context by placing shell metacharacters in the hostname parameter. • https://github.com/kwburns/CVE/blob/main/Mitel/5.0.0.1018/code/exploit-provis.py https://github.com/kwburns/CVE/tree/main/Mitel/5.0.0.1018#authenticated-remote-command-execution-provis https://www.youtube.com/watch? • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •