CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Before v1.10.3-lts, there were many command injections in the project, and some of them were not well filtered, leading to arbitrary file writes and ultimately RCE. The mirror configuration write symbol `>` can be used to achieve arbitrary file write. • https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-f8ch-w75v-c847 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.9 • EPSS: 0% • CPEs: - • EXPL: 0

The SolarWinds Access Rights Manager was susceptible to a Remote Code Execution vulnerability. This vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm https://documentation.solarwinds.com/en/success_center/arm/content/secure-your-arm-deployment.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28075 • CWE-502: Deserialization of Untrusted Data •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

This makes it possible for authenticated attackers, with Instructor-level permissions and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.5/inc/rest-api/v1/frontend/class-lp-rest-material-controller.php#L98 https://plugins.trac.wordpress.org/changeset/3083657 https://www.wordfence.com/threat-intel/vulnerabilities/id/ec20d5c4-4c41-4ec9-8d0a-ec8f03634f7d?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.1 • EPSS: 87% • CPEs: 1 • EXPL: 4

Apache OFBiz contains a path traversal vulnerability that could allow for remote code execution. • https://www.exploit-db.com/exploits/52020 https://github.com/Mr-xn/CVE-2024-32113 https://github.com/RacerZ-fighting/CVE-2024-32113-POC https://github.com/YongYe-Security/CVE-2024-32113 http://www.openwall.com/lists/oss-security/2024/05/09/1 https://issues.apache.org/jira/browse/OFBIZ-13006 https://lists.apache.org/thread/w6s60okgkxp2th1sr8vx0ndmgk68fqrd https://ofbiz.apache.org/download.html https://ofbiz.apache.org/security.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

However, the vm module is not safe for sandboxing untrusted JavaScript code. This is because code inside the vm context can break out if it can get hold of any reference to an object created outside of the vm. • https://github.com/hoppscotch/hoppscotch/commit/22c6eabd133195d22874250a5ae40cb26b851b01 https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-qmmm-73r2-f8xr • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •