CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47462 – Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)
https://notcve.org/view.php?id=CVE-2024-47462
An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system. ... La explotación exitosa de esta vulnerabilidad podría permitir que un atacante remoto autenticado cree archivos arbitrarios, lo que podría provocar una ejecución remota de comandos (RCE) en el sistema operativo subyacente. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47461 – Authenticated Arbitrary Remote Command Execution (RCE) in Instant AOS-8 and AOS-10
https://notcve.org/view.php?id=CVE-2024-47461
A successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47460 – Unauthenticated Command Injection Vulnerability in the CLI Service Accessed by the PAPI Protocol
https://notcve.org/view.php?id=CVE-2024-47460
Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-42509 – Unauthenticated Command Injection Vulnerability in the CLI Service Accessed by the PAPI Protocol
https://notcve.org/view.php?id=CVE-2024-42509
Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8614 – WP JobSearch <= 2.6.7 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-8614
The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_wp_handle_upload() function in all versions up to, and including, 2.6.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856 https://www.wordfence.com/threat-intel/vulnerabilities/id/7832f8fe-2b41-4cfb-a734-db4ec88d91a3?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •