{"vulnerability": "cve-2024-4794", "sightings": [{"uuid": "81064a1f-e475-4d37-a1b1-cfa5ee467e2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47947", "type": "seen", "source": "https://t.me/cvedetector/12786", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47947 - Oracle Web Server Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47947 \nPublished : Dec. 12, 2024, 1:15 p.m. | 23\u00a0minutes ago \nDescription : Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users.\u00a0The \"Edit Disclaimer Text\" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function which is available at the URL  \n  \n  \n  \n  \n  \n  \n  \n  \n  \nhttps://$SCANNER/cgi/admin.cgi?-rdisclaimer+-apre  \n  \nThe stored Javascript payload will be executed every time the ScanWizard is loaded, even in the Kiosk-mode browser. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T14:40:26.000000Z"}, {"uuid": "1db6ef00-d6e2-4d96-8b01-b84056d4b99e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47942", "type": "seen", "source": "https://t.me/cvedetector/10603", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47942 - Solid Edge DLL Hijacking Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47942 \nPublished : Nov. 12, 2024, 1:15 p.m. | 21\u00a0minutes ago \nDescription : A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications suffer from a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T14:41:37.000000Z"}, {"uuid": "89519307-5ba6-4989-b59f-a04bddf5a83c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47941", "type": "seen", "source": "https://t.me/cvedetector/10602", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47941 - Solid Edge SE Out-of-Bounds Read Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47941 \nPublished : Nov. 12, 2024, 1:15 p.m. | 21\u00a0minutes ago \nDescription : A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T14:41:37.000000Z"}, {"uuid": "42b37701-40d5-4bcf-a72f-68ab63c907f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47940", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-05", "content": "", "creation_timestamp": "2024-11-14T12:00:00.000000Z"}, {"uuid": "ecd6a3a6-f7de-43f0-85a8-4853b1bdfe0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47941", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-05", "content": "", "creation_timestamp": "2024-11-14T12:00:00.000000Z"}, {"uuid": "c6ebf9c8-2a6d-41b0-a2ed-45baa7f4a8f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47942", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-05", "content": "", "creation_timestamp": "2024-11-14T12:00:00.000000Z"}, {"uuid": "3ebf58b1-b163-43c1-a697-6c9afc0bb528", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47948", "type": "seen", "source": "https://t.me/cvedetector/7369", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47948 - JetBrains TeamCity Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47948 \nPublished : Oct. 8, 2024, 4:15 p.m. | 21\u00a0minutes ago \nDescription : In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-08T18:43:27.000000Z"}, {"uuid": "60f41adb-8199-47c1-9335-e7b5fadc6f98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47949", "type": "seen", "source": "https://t.me/cvedetector/7370", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47949 - JetBrains TeamCity FTP Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47949 \nPublished : Oct. 8, 2024, 4:15 p.m. | 21\u00a0minutes ago \nDescription : In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-08T18:43:28.000000Z"}, {"uuid": "4f9a4d88-6f86-4309-aa57-66f832823296", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47945", "type": "seen", "source": "https://t.me/cvedetector/7900", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47945 - VMware Predictable Session ID Vulnerability (Session Hijacking)\", \n  \"Content\": \"CVE ID : CVE-2024-47945 \nPublished : Oct. 15, 2024, 10:15 a.m. | 21\u00a0minutes ago \nDescription : The devices are vulnerable to session hijacking due to insufficient   \nentropy in its session ID generation algorithm. The session IDs are   \npredictable, with only 32,768 possible values per user, which allows   \nattackers to pre-generate valid session IDs, leading to unauthorized   \naccess to user sessions. This is not only due to the use of an   \n(insecure) rand() function call but also because of missing   \ninitialization via srand(). As a result only the PIDs are effectively   \nused as seed. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-15T12:45:26.000000Z"}, {"uuid": "19d94c1c-4436-49ba-92ee-11560fb86cba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47944", "type": "seen", "source": "https://t.me/cvedetector/7895", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47944 - D-Link USB Firmware Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47944 \nPublished : Oct. 15, 2024, 9:15 a.m. | 30\u00a0minutes ago \nDescription : The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the\u00a0firmware upgrade function. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-15T11:55:13.000000Z"}, {"uuid": "b036f8ca-aeaf-4b0f-b1f9-485cbaa48433", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47940", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113470309538746631", "content": "", "creation_timestamp": "2024-11-12T13:51:58.709432Z"}, {"uuid": "43f67156-2c82-44e3-94c1-ff14c85959cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47941", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113470309553814296", "content": "", "creation_timestamp": "2024-11-12T13:51:58.971530Z"}, {"uuid": "7f4df1c9-2f11-488e-a685-99e592e6c1c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47942", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113470309567485069", "content": "", "creation_timestamp": "2024-11-12T13:51:59.254126Z"}, {"uuid": "ef24d952-6d83-4595-8e31-b3fd51fabd0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47946", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113627436345378507", "content": "", "creation_timestamp": "2024-12-10T07:51:23.485471Z"}, {"uuid": "bdbf1d30-982e-403a-9f02-358e4e6afff5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47947", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113639929963039545", "content": "", "creation_timestamp": "2024-12-12T12:48:40.926346Z"}, {"uuid": "c37636f7-9c97-47da-9f77-bd50a52c3ebc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47946", "type": "seen", "source": "https://t.me/cvedetector/12485", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47946 - Apache Struts Remote Code Execution Vul...\", \n  \"Content\": \"CVE ID : CVE-2024-47946 \nPublished : Dec. 10, 2024, 8:15 a.m. | 41\u00a0minutes ago \nDescription : If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. After the upload, the PHP script is available in the web root. The PHP code executes once the uploaded file is accessed. This allows the execution of arbitrary PHP code and OS commands on the device as \"www-data\". \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-10T09:56:53.000000Z"}, {"uuid": "5aab91ed-d4e4-470f-a926-38572adf7034", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47940", "type": "seen", "source": "https://t.me/cvedetector/10607", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47940 - \"Solid Edge SE memory corruption vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-47940 \nPublished : Nov. 12, 2024, 1:15 p.m. | 21\u00a0minutes ago \nDescription : A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T14:41:43.000000Z"}, {"uuid": "13e5f576-83a3-41a7-83c9-e8fccc165353", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47943", "type": "seen", "source": "https://t.me/cvedetector/7894", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47943 - Rittal IoT Interface & CMC III Processing Unit HMAC Verification Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-47943 \nPublished : Oct. 15, 2024, 9:15 a.m. | 30\u00a0minutes ago \nDescription : The firmware upgrade function in the admin web interface of the Rittal\u00a0IoT Interface & CMC III Processing Unit devices checks if   \nthe patch files are signed before executing the containing run.sh   \nscript. The signing process is kind of an HMAC with a long string as key  \n which is hard-coded in the firmware and is freely available for   \ndownload. This allows crafting malicious \"signed\" .patch files in order   \nto compromise the device and execute arbitrary code. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-15T11:55:12.000000Z"}]}