CVE-2024-9054 – Remote code Execution inTimeProvider® 4100
https://notcve.org/view.php?id=CVE-2024-9054
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7. • https://www.gruppotim.it/it/footer/red-team.html https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-rce-through-configuration-file • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-38039 – BUG-000161683 - HTML injection vulnerability in Portal for ArcGIS.
https://notcve.org/view.php?id=CVE-2024-38039
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered). • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2024-update-2-released • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2024-47655 – Unrestricted File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2024-47655
An authenticated remote attacker could exploit this vulnerability by uploading malicious file, which could lead to remote code execution on targeted application. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0313 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-37868
https://notcve.org/view.php?id=CVE-2024-37868
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received using the "$- FILES" variable. • https://gist.github.com/TERRENCE-REX/bfca92171143e28899bb8511f311f9ed https://github.com/TERRENCE-REX/CVE/issues/1 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-46486
https://notcve.org/view.php?id=CVE-2024-46486
TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function. • https://github.com/fishykz/TP-POC https://yuhehe88.github.io/2024/09/04/TL-WDR5620-Gigabit-Edition-v2-3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •