CVSS: 7.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-48605 – Helakuru 1.1 DLL Hijacking
https://notcve.org/view.php?id=CVE-2024-48605
An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file. Helakuru version 1.1 suffers from a dll hijacking vulnerability. • https://github.com/surajhacx/HelakuruV.1.1-DLLHijack https://clement.notin.org/blog/2020/09/12/CVE-2020-7315-McAfee-Agent-DLL-injection https://medium.com/%40xNEED/dll-hijacking-jagexlauncher-819599165822 https://www.exploit-db.com/exploits/51461 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-47189
https://notcve.org/view.php?id=CVE-2024-47189
The API Interface of the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an attacker with knowledge of specific details to access non-sensitive user provisioning information and execute arbitrary SQL database commands. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0026 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-35286
https://notcve.org/view.php?id=CVE-2024-35286
A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary database and management operations. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0014 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-40083
https://notcve.org/view.php?id=CVE-2024-40083
A Buffer Overflow vulnerabilty in the local_app_set_router_token function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via sscanf reading the token and timezone JSON fields into a fixed-length buffer. • http://vilo.com https://github.com/byu-cybersecurity-research/vilo/blob/main/vulns/CVE-2024-40083.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-40084
https://notcve.org/view.php?id=CVE-2024-40084
A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths. • http://vilo.com https://github.com/byu-cybersecurity-research/vilo/blob/main/vulns/CVE-2024-40084.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •