CVE-2024-27717
https://notcve.org/view.php?id=CVE-2024-27717
Cross Site Request Forgery vulnerability in Eskooly Free Online School Management Software v.3.0 and before allows a remote attacker to escalate privileges via the Token Handling component. • https://blog.be-hacktive.com/eskooly-cve/cve-2024-27717-cross-site-request-forgery-csrf-in-eskooly-web-product-less-than-v3.0 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-27710
https://notcve.org/view.php?id=CVE-2024-27710
An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the authentication mechanism. • https://blog.be-hacktive.com/eskooly-cve/eskooly-broken-authentication/cve-2024-27710-privilege-escalation-via-authentication-mechanism-in-eskooly-web-product-less-than-v3 • CWE-269: Improper Privilege Management •
CVE-2024-27715
https://notcve.org/view.php?id=CVE-2024-27715
An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via a crafted request to the Password Change mechanism. • https://blog.be-hacktive.com/eskooly-cve/cve-2024-27715-inadequate-password-update-verification-in-eskooly-web-product-less-than-v3.0 • CWE-620: Unverified Password Change •
CVE-2024-27712
https://notcve.org/view.php?id=CVE-2024-27712
An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the User Account Mangemnt component in the authentication mechanism. • https://blog.be-hacktive.com/eskooly-cve/eskooly-broken-authentication/cve-2024-27712-user-enumeration-via-account-settings-in-eskooly-web-product-less-than-v3.0 •
CVE-2024-39934
https://notcve.org/view.php?id=CVE-2024-39934
Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated Python environment setup is enabled, because the "shared holotree usage" feature allows any user to edit any Python environment. Robotmk anterior a 2.0.1 permite a un usuario local escalar privilegios (por ejemplo, a SYSTEM) si la configuración automatizada del entorno Python está habilitada, porque la función "uso de holoárbol compartido" permite a cualquier usuario editar cualquier entorno Python. • https://checkmk.com/werk/16434 https://github.com/elabit/robotmk/commit/78c1174ab2df43813050d0c22e1efb8636f8715e https://github.com/elabit/robotmk/compare/v2.0.0...v2.0.1 https://github.com/elabit/robotmk/releases/tag/v2.0.1 • CWE-284: Improper Access Control •