CVE-2024-45518
https://notcve.org/view.php?id=CVE-2024-45518
This issue permits unauthorized HTTP requests to be sent to internal services, which can lead to Remote Code Execution (RCE) by chaining Command Injection within the internal service. When combined with existing XSS vulnerabilities, this SSRF issue can further facilitate Remote Code Execution (RCE). • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2024-48605 – Helakuru 1.1 DLL Hijacking
https://notcve.org/view.php?id=CVE-2024-48605
An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file. Helakuru version 1.1 suffers from a dll hijacking vulnerability. • https://github.com/surajhacx/HelakuruV.1.1-DLLHijack https://clement.notin.org/blog/2020/09/12/CVE-2020-7315-McAfee-Agent-DLL-injection https://medium.com/%40xNEED/dll-hijacking-jagexlauncher-819599165822 https://www.exploit-db.com/exploits/51461 • CWE-427: Uncontrolled Search Path Element •
CVE-2024-40083
https://notcve.org/view.php?id=CVE-2024-40083
A Buffer Overflow vulnerabilty in the local_app_set_router_token function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via sscanf reading the token and timezone JSON fields into a fixed-length buffer. • http://vilo.com https://github.com/byu-cybersecurity-research/vilo/blob/main/vulns/CVE-2024-40083.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-40084
https://notcve.org/view.php?id=CVE-2024-40084
A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths. • http://vilo.com https://github.com/byu-cybersecurity-research/vilo/blob/main/vulns/CVE-2024-40084.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-40085
https://notcve.org/view.php?id=CVE-2024-40085
A Buffer Overflow vulnerability in the local_app_set_router_wan function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via pppoe_username and pppoe_password fields being larger than 128 bytes in length. • http://vilo.com https://github.com/byu-cybersecurity-research/vilo/blob/main/vulns/CVE-2024-40085.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •