CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29848 – Ivanti Avalanche FileStoreConfig Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-29848
An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://forums.ivanti.com/s/article/Security-Advisory-May-2024 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29830 – Ivanti Endpoint Manager GetLogFileRulesNameUniqueSQL SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-29830
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://forums.ivanti.com/s/article/Security-Advisory-May-2024 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29826 – Ivanti Endpoint Manager GetDBPatches SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-29826
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://forums.ivanti.com/s/article/Security-Advisory-May-2024 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 38%CPEs: 1EXPL: 3CVE-2024-29824 – Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-29824
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. ... An attacker can leverage this vulnerability to execute code in the context of the service account. Ivanti Endpoint Manager (EPM) 2022 SU5 and prior versions are susceptible to an unauthenticated SQL injection vulnerability which can be leveraged to achieve unauthenticated remote code execution. Ivanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code. • https://github.com/horizon3ai/CVE-2024-29824 https://github.com/R4be1/CVE-2024-29824 https://github.com/codeb0ss/CVE-2024-29824-PoC https://forums.ivanti.com/s/article/Security-Advisory-May-2024 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-5247 – NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5247
NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://kb.netgear.com/000066165/Security-Advisory-for-Missing-Function-Level-Access-Control-on-the-NMS300-PSV-2024-0005 https://www.zerodayinitiative.com/advisories/ZDI-24-498 • CWE-434: Unrestricted Upload of File with Dangerous Type •