CVE-2024-50324 – Ivanti Endpoint Manager GetFilePath Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-50324
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. • https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-50323 – Ivanti Endpoint Manager TestAllowedSQL SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-50323
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. • https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-50322 – Ivanti Endpoint Manager OnSaveToDB Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-50322
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. • https://https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-37365 – FactoryTalk View ME Remote Code Execution Vulnerability via Project Save Path
https://notcve.org/view.php?id=CVE-2024-37365
A remote code execution vulnerability exists in the affected product. ... Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1709.html • CWE-20: Improper Input Validation •
CVE-2024-10828 – Advanced Order Export For WooCommerce <= 3.5.5 - Unauthenticated PHP Object Injection via Order Details
https://notcve.org/view.php?id=CVE-2024-10828
The additional presence of a POP chain allows attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://plugins.trac.wordpress.org/browser/woo-order-export-lite/trunk/classes/PHPExcel/Shared/XMLWriter.php#L83 https://plugins.trac.wordpress.org/browser/woo-order-export-lite/trunk/classes/core/trait-woe-core-extractor.php#L996 https://www.wordfence.com/threat-intel/vulnerabilities/id/a1c6eed6-7b3f-4b37-85f8-6613527daa54?source=cve • CWE-502: Deserialization of Untrusted Data •