CVE-2024-30850 – CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution
https://notcve.org/view.php?id=CVE-2024-30850
An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the BuildClient function within client_service.go. CHAOS RAT web panel version 5.0.1 is vulnerable to command injection, which can be triggered from a cross-site scripting attack, allowing an attacker to take over the RAT server. • https://github.com/chebuya/CVE-2024-30850-chaos-rat-rce-poc https://blog.chebuya.com/posts/remote-code-execution-on-chaos-rat-via-spoofed-agents • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-31492
https://notcve.org/view.php?id=CVE-2024-31492
An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. • https://fortiguard.com/psirt/FG-IR-23-345 • CWE-73: External Control of File Name or Path •
CVE-2024-20758 – [Adobe Cloud] RCE through frontend gift registry sharing
https://notcve.org/view.php?id=CVE-2024-20758
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/magento/apsb24-18.html • CWE-20: Improper Input Validation •
CVE-2024-29500
https://notcve.org/view.php?id=CVE-2024-29500
An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows attackers to execute arbitrary code via running a ClickOnce application instance. • https://www.drive-byte.de/en/blog/inteset-bugs-and-hardening • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-29269
https://notcve.org/view.php?id=CVE-2024-29269
An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter. • https://github.com/YongYe-Security/CVE-2024-29269 https://github.com/K3ysTr0K3R/CVE-2024-29269-EXPLOIT https://github.com/Chocapikk/CVE-2024-29269 https://github.com/wutalent/CVE-2024-29269 https://github.com/Jhonsonwannaa/CVE-2024-29269 https://github.com/hack-with-rohit/CVE-2024-29269-RCE https://github.com/Quantum-Hacker/CVE-2024-29269 https://github.com/dream434/CVE-2024-29269 https://github.com/wutalent/CVE-2024-29269/blob/main/index.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •