CVSS: 8.3EPSS: 0%CPEs: -EXPL: 0CVE-2023-39470 – PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-39470
18 Jun 2024 — PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. An attacke... • https://www.papercut.com/kb/Main/SecurityBulletinJune2023 • CWE-749: Exposed Dangerous Method or Function •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5853 – Image Optimizer, Resizer and CDN – Sirv <= 7.2.6 - Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-5853
18 Jun 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/changeset/3103410/sirv/trunk/sirv.php • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6132 – Pexels: Free Stock Photos <= 1.2.2 - Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6132
18 Jun 2024 — This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/wp-pexels-free-stock-photos/trunk/settings.php#L239 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6145 – Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6145
18 Jun 2024 — Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. ... An attacker can leverage this vulnerability to execute code in the context of the ... • https://www.zerodayinitiative.com/advisories/ZDI-24-808 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6153 – Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability
https://notcve.org/view.php?id=CVE-2024-6153
18 Jun 2024 — An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of root. An attacker can leverage this in co... • https://www.zerodayinitiative.com/advisories/ZDI-24-803 • CWE-693: Protection Mechanism Failure •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6142 – Actiontec WCB6200Q uh_tcp_recv_content Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6142
18 Jun 2024 — Actiontec WCB6200Q uh_tcp_recv_content Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. ... An attacker can leverage this vulnerability to execute code in the ... • https://www.zerodayinitiative.com/advisories/ZDI-24-805 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37821
https://notcve.org/view.php?id=CVE-2024-37821
18 Jun 2024 — An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file. • http://dolibarr.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6146 – Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6146
18 Jun 2024 — Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. ... An attacker can leverage this vulnerability to execute ... • https://www.zerodayinitiative.com/advisories/ZDI-24-809 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35767 – WordPress Squeeze plugin <= 1.4 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-35767
18 Jun 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Code Injection.This issue affects Squeeze: from n/a through 1.4. ... This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/squeeze/wordpress-squeeze-plugin-1-4-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6143 – Actiontec WCB6200Q uh_tcp_recv_header Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6143
18 Jun 2024 — Actiontec WCB6200Q uh_tcp_recv_header Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. ... An attacker can leverage this vulnerability to execute code in the c... • https://www.zerodayinitiative.com/advisories/ZDI-24-806 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •