CyberAlerts

CVE-2024-27174

Description: Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE

February 14th, 2025 (2 months ago)

CVE-2024-27173

insecure upload

Description: Remote Command program allows an attacker to get Remote Code Execution by overwriting existing Python files containing executable code. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE

February 14th, 2025 (2 months ago)

CVE-2024-27172

Remote Code Execution

Description: Remote Command program allows an attacker to get Remote Code Execution. As for the affected products/models/versions, see the reference URL.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE

February 14th, 2025 (2 months ago)

CVE-2024-27145

Multiple Post-authenticated Remote Code Execution

Description: The Toshiba printers provide several ways to upload files using the admin web interface. An attacker can remotely compromise any Toshiba printer. An attacker can overwrite any insecure files. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE

February 14th, 2025 (2 months ago)

CVE-2024-27144

Pre-authenticated Remote Code Execution

Description: The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE

February 14th, 2025 (2 months ago)

CVE-2024-27143

Pre-authenticated Remote Code Execution

Description: Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this vulnerability will allow any attacker to get a root access on a remote Toshiba printer. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE

February 14th, 2025 (2 months ago)

CVE-2024-26517

SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the...

Description: SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the delete-task.php component.

CVSS: CRITICAL (9.1)

EPSS Score: 0.04%

Source: CVE

February 14th, 2025 (2 months ago)

CVE-2024-25641

Cacti RCE vulnerability when importing packages

Description: Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue.

CVSS: CRITICAL (9.1)

EPSS Score: 1.35%

Source: CVE

February 14th, 2025 (2 months ago)

CVE-2024-24963

A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E...

Description: A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability.This CVE tracks the stack-based buffer overflow that occurs at offset `0xb6e84` of v1.2.10.9 of the P3-550E firmware.

CVSS: CRITICAL (9.8)

EPSS Score: 0.07%

Source: CVE

February 14th, 2025 (2 months ago)

CVE-2024-24962

A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E...

Description: A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability.This CVE tracks the stack-based buffer overflow that occurs at offset `0xb6e98` of v1.2.10.9 of the P3-550E firmware.

CVSS: CRITICAL (9.8)

EPSS Score: 0.07%

Source: CVE

February 14th, 2025 (2 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-27174	insecure upload Description: Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. CVSS: CRITICAL (9.8) EPSS Score: 0.05% Source: CVE February 14th, 2025 (2 months ago)
CVE-2024-27173	insecure upload Description: Remote Command program allows an attacker to get Remote Code Execution by overwriting existing Python files containing executable code. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. CVSS: CRITICAL (9.8) EPSS Score: 0.05% Source: CVE February 14th, 2025 (2 months ago)
CVE-2024-27172	Remote Code Execution Description: Remote Command program allows an attacker to get Remote Code Execution. As for the affected products/models/versions, see the reference URL. CVSS: CRITICAL (9.8) EPSS Score: 0.05% Source: CVE February 14th, 2025 (2 months ago)
CVE-2024-27145	Multiple Post-authenticated Remote Code Execution Description: The Toshiba printers provide several ways to upload files using the admin web interface. An attacker can remotely compromise any Toshiba printer. An attacker can overwrite any insecure files. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. CVSS: CRITICAL (9.8) EPSS Score: 0.05% Source: CVE February 14th, 2025 (2 months ago)
CVE-2024-27144	Pre-authenticated Remote Code Execution Description: The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. CVSS: CRITICAL (9.8) EPSS Score: 0.05% Source: CVE February 14th, 2025 (2 months ago)
CVE-2024-27143	Pre-authenticated Remote Code Execution Description: Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this vulnerability will allow any attacker to get a root access on a remote Toshiba printer. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. CVSS: CRITICAL (9.8) EPSS Score: 0.05% Source: CVE February 14th, 2025 (2 months ago)
CVE-2024-26517	SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the... Description: SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the delete-task.php component. CVSS: CRITICAL (9.1) EPSS Score: 0.04% Source: CVE February 14th, 2025 (2 months ago)
CVE-2024-25641	Cacti RCE vulnerability when importing packages Description: Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue. CVSS: CRITICAL (9.1) EPSS Score: 1.35% Source: CVE February 14th, 2025 (2 months ago)
CVE-2024-24963	A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E... Description: A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability.This CVE tracks the stack-based buffer overflow that occurs at offset `0xb6e84` of v1.2.10.9 of the P3-550E firmware. CVSS: CRITICAL (9.8) EPSS Score: 0.07% Source: CVE February 14th, 2025 (2 months ago)
CVE-2024-24962	A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E... Description: A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability.This CVE tracks the stack-based buffer overflow that occurs at offset `0xb6e98` of v1.2.10.9 of the P3-550E firmware. CVSS: CRITICAL (9.8) EPSS Score: 0.07% Source: CVE February 14th, 2025 (2 months ago)