CVE-2024-34852 |
Description: F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the command execution point in the ./admin/transceiver_schedule.php file. An unauthenticated remote attacker can exploit this vulnerability by sending a file name containing command injection. Successful exploitation of this vulnerability may allow the attacker to execute system commands.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-34832 |
Description: Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters.
EPSS Score: 0.13%
February 14th, 2025 (5 months ago)
|
CVE-2024-34582 |
Description: Sunhillo SureLine through 8.10.0 on RICI 5000 devices allows cgi/usrPasswd.cgi userid_change XSS within the Forgot Password feature.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-34477 |
Description: configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In addition, the SUID bit must be added to this file.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-34454 |
Description: Nintendo Wii U OS 5.5.5 allows man-in-the-middle attackers to forge SSL certificates as though they came from a Root CA, because there is a secondary verification mechanism that only checks whether a CA is known and ignores the CA details and signature (and because * is accepted as a Common Name).
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-34448 |
Description: Ghost before 5.82.0 allows CSV Injection during a member CSV export.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-34365 |
Description: ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave. This issue affects all versions of Apache Karaf Cave.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-34338 |
Description: Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authentication is required to exploit this vulnerability.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-34310 |
Description: Jin Fang Times Content Management System v3.2.3 was discovered to contain a SQL injection vulnerability via the id parameter.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-34308 |
Description: TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|