
CVSS: 8.8 | EPSS: 0% | CPEs: - | EXPL: 0

Stack overflow vulnerability in the Login function in the HNAP service in D-Link DCS-960L with firmware 1.09 allows attackers to execute arbitrary code. • https://www.dlink.com/en/security-bulletin https://github.com/Xshacry/iot-vuln/blob/main/d-link/dcs-935l/readme.md • CWE-121: Stack-based Buffer Overflow •

CVSS: 9.8 | EPSS: 0% | CPEs: - | EXPL: 1

SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code via the /todesk.com/news.html parameter. • https://github.com/alphandbelt/CVE-2024-44542 https://github.com/alphandbelt/CVE-2024-44542/tree/main • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

Malicious actors could exploit this vulnerability by injecting JavaScript into the `label` parameter, leading to the execution of arbitrary code in the victim's browser. ... By crafting such a request, an attacker can inject arbitrary code that will be executed by the browser when the endpoint is accessed. If exploited, this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the affected website. ... **Content Manipulation**: Altering the appearance or behavior of the affected page to mislead users or execute further attacks. • https://github.com/wireui/wireui/commit/784c4f110e58eb41d0f2bdecd4655ea417f16e7e https://github.com/wireui/wireui/commit/a457654912055f4dcc559da04d4e319f76b80fc5 https://github.com/wireui/wireui/security/advisories/GHSA-rw5h-g8xq-6877 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2 | EPSS: 0% | CPEs: 7 | EXPL: 0

Successful exploitation of these vulnerabilities results in the ability to run arbitrary commands as a privileged user on the underlying operating system. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.2 | EPSS: 0% | CPEs: 7 | EXPL: 0

An authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to inject shell commands on the underlying operating system. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •