CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42599
https://notcve.org/view.php?id=CVE-2024-42599
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. • https://gitee.com/fushuling/cve/blob/master/CVE-2024-42599.md https://gitee.com/fushuling/cve/blob/master/SeaCMS%20V13%20admin_files.php%20code%20injection.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-42762
https://notcve.org/view.php?id=CVE-2024-42762
A Stored Cross Site Scripting (XSS) vulnerability was found in "/history.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the Name, Phone, and Email parameter fields. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Bus%20Ticket%20Reservation%20System%20v1.0/Stored%20XSS%20-%20Customer%20Booking%20List.pdf https://www.kashipara.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-30377 – G DATA Total Security Scan Server Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-30377
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA AntiVirus Scan Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42771
https://notcve.org/view.php?id=CVE-2024-42771
A Stored Cross Site Scripting (XSS) vulnerability was found in " /admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "room_name" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Stored%20XSS%20-%20Edit%20Room.pdf https://www.kashipara.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-7987 – Rockwell Automation ThinManager® ThinServerâ„¢ Information Disclosure and Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2024-7987
A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServerâ„¢ that allows a threat actor to execute arbitrary code with System privileges. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ThinServer service which listens on TCP port 2031 by default. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1692.html • CWE-434: Unrestricted Upload of File with Dangerous Type •