CVE-2024-32488
https://notcve.org/view.php?id=CVE-2024-32488
In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalation could occur during update checks because weak permissions on the update-service folder allow attackers to place crafted DLL files there. • https://www.foxit.com/support/security-bulletins.html • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVE-2024-28556
https://notcve.org/view.php?id=CVE-2024-28556
SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin-manage-user.php. • https://github.com/xuanluansec/vul/blob/main/vul/1/README.md https://github.com/xuanluansec/vul/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-28558
https://notcve.org/view.php?id=CVE-2024-28558
SQL Injection vulnerability in sourcecodester Petrol pump management software v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin/app/web_crud.php. • https://github.com/xuanluansec/vul/blob/main/vul/sql/sql-3.md https://github.com/xuanluansec/vul/issues/3#issue-2243633522 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-45503
https://notcve.org/view.php?id=CVE-2023-45503
SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via crafted payload to resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, deleteUser, allowComment, saveRole, forgotPasswordProcess, resetPassword, saveUser, addComment, saveRole, and saveUser endpoints. • https://github.com/ally-petitt/CVE-2023-45503 https://docs.google.com/spreadsheets/d/1AzXspN8oBAJ80YQxfN44bpbOuNzA3PZEccQ6IGQMs5E/edit?usp=sharing https://github.com/ally-petitt/CVE-2023-45503?tab=readme-ov-file • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-32019 – ndsudo: local privilege escalation via untrusted search path
https://notcve.org/view.php?id=CVE-2024-32019
This may lead to local privilege escalation. • https://github.com/netdata/netdata/pull/17377 https://github.com/netdata/netdata/security/advisories/GHSA-pmhq-4cxq-wj93 • CWE-426: Untrusted Search Path •