CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27142 – Pre-authenticated XXE injection
https://notcve.org/view.php?id=CVE-2024-27142
En cuanto a los productos/modelos/versiones afectados, consulte la URL de referencia. 103 models of Toshiba Multi-Function Printers (MFP) are vulnerable to 40 different vulnerabilities including remote code execution, local privilege escalation, xml injection, and more. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27141 – Pre-authenticated Time-Based Blind XXE injection
https://notcve.org/view.php?id=CVE-2024-27141
En cuanto a los productos/modelos/versiones afectados, consulte la URL de referencia. 103 models of Toshiba Multi-Function Printers (MFP) are vulnerable to 40 different vulnerabilities including remote code execution, local privilege escalation, xml injection, and more. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-37859 – Lost And Found Information System 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-37859
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php. • http://lost.com https://packetstormsecurity.com/files/179081/Lost-And-Found-Information-System-1.0-Cross-Site-Scripting.html https://www.sourcecodester.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-37857 – Lost And Found Information System 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2024-37857
SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via id parameter to php-lfis/admin/categories/view_category.php. • http://lost.com https://packetstormsecurity.com/files/179080/Lost-And-Found-Information-System-1.0-SQL-Injection.html https://www.sourcecodester.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-37858 – Lost And Found Information System 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2024-37858
SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php. • http://lost.com https://packetstormsecurity.com/files/179079/Lost-And-Found-Information-System-1.0-SQL-Injection.html https://www.sourcecodester.com • CWE-269: Improper Privilege Management •