CVE-2024-35595
https://notcve.org/view.php?id=CVE-2024-35595
An arbitrary file upload vulnerability in the File Preview function of Xintongda OA v2023.12.30.1 allows attackers to execute arbitrary code via uploading a crafted PDF file.
• https://github.com/Joying-C/Cross-site-scripting-vulnerability/blob/main/Xintongda-OA_Cross_site%20_scripting%20_vulnerability/Xintongda-OA_Cross_site%20_scripting%20_vulnerability.pdf
• https://github.com/Joying-C/Cross-site-scripting-vulnerability/tree/main/Xintongda-OA_Cross_site%20_scripting%20_vulnerability
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35593
https://notcve.org/view.php?id=CVE-2024-35593
An arbitrary file upload vulnerability in the File preview function of Raingad IM v4.1.4 allows attackers to execute arbitrary code via uploading a crafted PDF file.
• https://github.com/Joying-C/Cross-site-scripting-vulnerability/tree/main/Raingad-IM_Cross_site%20_scripting%20_vulnerability
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-35592
https://notcve.org/view.php?id=CVE-2024-35592
An arbitrary file upload vulnerability in the Upload function of Box-IM v2.0 allows attackers to execute arbitrary code via uploading a crafted PDF file.
• https://github.com/Joying-C/Cross-site-scripting-vulnerability/blob/main/BOX-IM_Cross_site%20_scripting%20_vulnerability/BOX-IM_Cross_site%20_scripting%20_vulnerability.pdf
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35591
https://notcve.org/view.php?id=CVE-2024-35591
An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF file.
• https://github.com/o2oa/o2oa/issues/156
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-29829 – Ivanti Endpoint Manager GetLogFileRulesSQL SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-29829
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. ... An attacker can leverage this vulnerability to execute code in the context of the service account.
• https://forums.ivanti.com/s/article/Security-Advisory-May-2024
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')