CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7544 – oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7544
This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. ... This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. • https://www.zerodayinitiative.com/advisories/ZDI-24-1084 • CWE-122: Heap-based Buffer Overflow •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7541 – oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-7541
An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-1081 • CWE-457: Use of Uninitialized Variable •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7543 – oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7543
This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. ... This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. • https://www.zerodayinitiative.com/advisories/ZDI-24-1083 • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7257 – YayExtra – WooCommerce Extra Product Options <= 1.3.7 - Unauthenticated Arbitrary File Upload via handle_upload_file Function
https://notcve.org/view.php?id=CVE-2024-7257
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/yayextra/tags/1.3.6/includes/Classes/ProductPage.php#L1413 https://plugins.trac.wordpress.org/browser/yayextra/tags/1.3.6/includes/Classes/ProductPage.php#L1452 https://plugins.trac.wordpress.org/changeset/3129731 https://wordpress.org/plugins/yayextra/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/753a4f7a-7bd4-43a4-b8fb-9e982239ba0e?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-41333 – Tourism Management System 2.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-41333
A reflected cross-site scripting (XSS) vulnerability in Phpgurukul Tourism Management System v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the uname parameter. • https://packetstormsecurity.com/files/179891/Tourism-Management-System-2.0-Cross-Site-Scripting.html https://www.linkedin.com/in/sampath-kumar-kadajari-4b18891a7 •