CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 3CVE-2024-22120 – Time Based SQL Injection in Zabbix Server Audit Log
https://notcve.org/view.php?id=CVE-2024-22120
Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection. • https://github.com/W01fh4cker/CVE-2024-22120-RCE https://github.com/g4nkd/CVE-2024-22120-RCE-with-gopher https://github.com/isPique/CVE-2024-22120-RCE-with-gopher https://support.zabbix.com/browse/ZBX-24505 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4620 – ArForms < 6.6 - Unauthenticated RCE
https://notcve.org/view.php?id=CVE-2024-4620
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form El complemento ARForms - Premium WordPress Form Builder para WordPress anterior a 6.6 permite a los usuarios no autenticados modificar los archivos cargados de tal manera que el código PHP se pueda cargar cuando se incluye una entrada de archivo de carga en un formulario. ... This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://wpscan.com/vulnerability/dc34dc2d-d5a1-4e28-8507-33f659ead647 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51636 – Avira Prime Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-51636
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avira Spotlight Service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avira Spotlight Service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-469 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51637 – Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-51637
Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. ... An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. ... An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. • https://www.zerodayinitiative.com/advisories/ZDI-24-468 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-4453 – GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-4453
GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. . ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://gitlab.freedesktop.org/tpm/gstreamer/-/commit/e68eccff103ab0e91e6d77a892f57131b33902f5 https://lists.debian.org/debian-lts-announce/2024/05/msg00019.html https://www.zerodayinitiative.com/advisories/ZDI-24-467 • CWE-190: Integer Overflow or Wraparound •