CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45166
https://notcve.org/view.php?id=CVE-2024-45166
Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution. • http://download.uci.de/idol2/idol2Client_2_12.exe https://uci.de/download/idol2-client.html https://uci.de/products/index.html https://www.syss.de/en/responsible-disclosure-policy https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-050.txt • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42599
https://notcve.org/view.php?id=CVE-2024-42599
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. • https://gitee.com/fushuling/cve/blob/master/CVE-2024-42599.md https://gitee.com/fushuling/cve/blob/master/SeaCMS%20V13%20admin_files.php%20code%20injection.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-42762
https://notcve.org/view.php?id=CVE-2024-42762
A Stored Cross Site Scripting (XSS) vulnerability was found in "/history.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the Name, Phone, and Email parameter fields. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Bus%20Ticket%20Reservation%20System%20v1.0/Stored%20XSS%20-%20Customer%20Booking%20List.pdf https://www.kashipara.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-30377 – G DATA Total Security Scan Server Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-30377
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA AntiVirus Scan Server. By creating a symbolic link, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42771
https://notcve.org/view.php?id=CVE-2024-42771
A Stored Cross Site Scripting (XSS) vulnerability was found in " /admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "room_name" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Stored%20XSS%20-%20Edit%20Room.pdf https://www.kashipara.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •