NotCVE - Remote Execute Code

Page 366 of 45675 results (0.075 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-35629 – WordPress Easy Digital Downloads – Recent Purchases plugin <= 1.0.2 - Remote File Inclusion vulnerability

https://notcve.org/view.php?id=CVE-2024-35629

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File Inclusion.This issue affects Easy Digital Downloads – Recent Purchases: from n/a through 1.0.2. ... The Easy Digital Downloads – Recent Purchases plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted on external server,s allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution. • https://patchstack.com/database/vulnerability/edd-recent-purchases/wordpress-easy-digital-downloads-recent-purchases-plugin-1-0-2-remote-file-inclusion-vulnerability? • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

CVE-2024-35374

https://notcve.org/view.php?id=CVE-2024-35374

Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command injection, leading to remote code execution (RCE) under certain conditions. Mocodo Mocodo Online 4.2.6 y versiones anteriores no desinfecta adecuadamente el campo de entrada sql_case en /web/generate.php, lo que permite a atacantes remotos ejecutar comandos SQL arbitrarios y potencialmente inyección de comandos, lo que lleva a la ejecución remota de código (RCE) bajo ciertas condiciones. • https://chocapikk.com/posts/2024/mocodo-vulnerabilities https://github.com/laowantong/mocodo/blob/11ca879060a68e06844058cd969c6379214cc2a8/web/generate.php#L104-L158 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

CVE-2024-35373

https://notcve.org/view.php?id=CVE-2024-35373

Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php. • https://chocapikk.com/posts/2024/mocodo-vulnerabilities https://github.com/laowantong/mocodo/blob/11ca879060a68e06844058cd969c6379214cc2a8/web/rewrite.php#L45 • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) •

CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0

CVE-2024-28736 – Debezium UI 2.5 Credential Disclosure

https://notcve.org/view.php?id=CVE-2024-28736

An issue in Debezium Community debezium-ui v.2.5 allows a local attacker to execute arbitrary code via the refresh page function. • https://packetstormsecurity.com/files/178794/Debezium-UI-2.5-Credential-Disclosure.html • CWE-256: Plaintext Storage of a Password •

CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0

CVE-2024-35595

https://notcve.org/view.php?id=CVE-2024-35595

An arbitrary file upload vulnerability in the File Preview function of Xintongda OA v2023.12.30.1 allows attackers to execute arbitrary code via uploading a crafted PDF file. • https://github.com/Joying-C/Cross-site-scripting-vulnerability/blob/main/Xintongda-OA_Cross_site%20_scripting%20_vulnerability/Xintongda-OA_Cross_site%20_scripting%20_vulnerability.pdf https://github.com/Joying-C/Cross-site-scripting-vulnerability/tree/main/Xintongda-OA_Cross_site%20_scripting%20_vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...364 365 366 367 368