
CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. ... An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-442 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

An arbitrary file upload vulnerability in the component \controller\ImageUploadController.class of inxedu v2.0.6 allows attackers to execute arbitrary code via uploading a crafted jsp file. • https://github.com/KakeruJ/CVE • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

An arbitrary file upload vulnerability in the gok4 method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a crafted .jsp file. • https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/35080.txt https://www.inxedu.com • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

An arbitrary file upload vulnerability in the uploadAudio method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a crafted .jsp file. • https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/35079.txt https://www.inxedu.com • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

This can lead to a remote code execution (RCE) when combined with a Server Side Template Injection (SSTI). • https://github.com/dfir-iris/iris-evtx-module/commit/4e45fc94a31e1ee4641d608a387dfd9f9e68dbca https://github.com/dfir-iris/iris-evtx-module/security/advisories/GHSA-9rw6-5q9j-82fm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •