CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6312 – Funnelforms Free <= 3.7.3.2 - Authenticated (Administrator+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-6312
This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. • https://www.wordfence.com/threat-intel/vulnerabilities/id/3e815531-f966-44a1-a037-8077a40c83b0?source=cve https://plugins.trac.wordpress.org/browser/funnelforms-free/tags/3.7.3.2/admin/menu_ajax_functions/formularbuilder_fonts.php#L59 https://plugins.trac.wordpress.org/browser/funnelforms-free/tags/3.7.4.1/admin/menu_ajax_functions/formularbuilder_fonts.php?rev=3141470#L17 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-42789
https://notcve.org/view.php?id=CVE-2024-42789
This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Reflected%20XSS%20-%20Controller.pdf https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-42787
https://notcve.org/view.php?id=CVE-2024-42787
This vulnerability allows remote attackers to execute arbitrary code via "title" & "description" parameter fields. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Stored%20XSS%20-%20Add%20Playlist.pdf https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-34087
https://notcve.org/view.php?id=CVE-2024-34087
An SEH-based buffer overflow in the BPQ32 HTTP Server in BPQ32 6.0.24.1 allows remote attackers with access to the Web Terminal to achieve remote code execution via an HTTP POST /TermInput request. • https://groups.io/g/bpq32 https://themodernham.com/bbs-hacking-discovering-rce-within-bpq32-seh-based-buffer-overflow https://www.cantab.net/users/john.wiseman/Documents https://www.youtube.com/%40ModernHam • CWE-121: Stack-based Buffer Overflow •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-42790
https://notcve.org/view.php?id=CVE-2024-42790
This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Reflected%20XSS%20-%20index.pdf https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •