CVE-2024-28613
https://notcve.org/view.php?id=CVE-2024-28613
SQL Injection vulnerability in PHP Task Management System v.1.0 allows a remote attacker to escalate privileges and obtain sensitive information via the task_id parameter of the task-details.php, and edit-task.php component. • https://github.com/hakkitoklu/hunt/blob/main/PHP%20Task%20Management%20System/sqli.md https://www.sourcecodester.com/php/17217/employee-management-system-php-and-mysql-free-download.html •
CVE-2024-32656 – Ant Media Server vulnerable to local privilege escalation
https://notcve.org/view.php?id=CVE-2024-32656
A local privilege escalation vulnerability in present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. ... This vulnerability is nearly identical to the local privilege escalation vulnerability CVE-2023-26269 identified in Apache James. ... Una vulnerabilidad de escalada de privilegios local presente en las versiones 2.6.0 a 2.8.2 permite que cualquier cuenta de usuario del sistema operativo sin privilegios escale privilegios a la cuenta de usuario raíz del sistema. • https://github.com/ant-media/Ant-Media-Server/commit/9cb38500729e0ff302da0290b9cfe1ec4dd6c764 https://github.com/ant-media/Ant-Media-Server/security/advisories/GHSA-qwhw-hh9j-54f5 • CWE-862: Missing Authorization •
CVE-2024-32405
https://notcve.org/view.php?id=CVE-2024-32405
Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function. • https://cxsecurity.com/issue/WLB-2024040051 https://packetstormsecurity.com/files/178101/Relate-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-50260 – Wazuh's vulnerability in host_deny AR script allows arbitrary command execution
https://notcve.org/view.php?id=CVE-2023-50260
The active response can be triggered by writing events either to the local `execd` queue on server or to the `ar` queue which forwards the events to agents. So, it can leads to LPE on server as root and RCE on agent as root. ... La respuesta activa se puede activar escribiendo eventos en la cola "execd" local en el servidor o en la cola "ar" que reenvía los eventos a los agentes. Por lo tanto, puede conducir a LPE en el servidor como raíz y a RCE en el agente como raíz. • https://github.com/wazuh/wazuh/security/advisories/GHSA-mjq2-xf8g-68vw • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-24910 – Local privilege escalation in Check Point ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server via crafted DLL file
https://notcve.org/view.php?id=CVE-2024-24910
A local attacker can escalate privileges on affected Check Point ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system. Un atacante local puede escalar privilegios en Check Point ZoneAlarm Extreme Security NextGen, Identity Agent para Windows y Identity Agent para Windows Terminal Server afectados. Para aprovechar esta vulnerabilidad, un atacante primero debe obtener la capacidad de ejecutar código privilegiado local en el sistema de destino. • https://support.checkpoint.com/results/sk/sk182219 • CWE-732: Incorrect Permission Assignment for Critical Resource •