This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.0. The following CVEs are assigned: CVE-2024-53915.
Category Archives: Advisories
ZDI-24-1662: Veritas Enterprise Vault MobileHTMLView Cross-Site Scripting Vulnerability
This vulnerability allows remote attackers to execute web requests with the target user’s privileges on affected installations of Veritas Enterprise Vault. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 6.3. The following CVEs are assigned: CVE-2024-52941.
ZDI-24-1661: Veritas Enterprise Vault HTMLView Cross-Site Scripting Vulnerability
This vulnerability allows remote attackers to execute web requests with the target user’s privileges on affected installations of Veritas Enterprise Vault. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 6.3. The following CVEs are assigned: CVE-2024-52942.
ZDI-24-1660: Veritas Enterprise Vault HTMLView Cross-Site Scripting Vulnerability
This vulnerability allows remote attackers to execute web requests with the target user’s privileges on affected installations of Veritas Enterprise Vault. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 6.3. The following CVEs are assigned: CVE-2024-52943.
ZDI-24-1659: Veritas Enterprise Vault HTMLView Cross-Site Scripting Vulnerability
This vulnerability allows remote attackers to execute web requests with the target user’s privileges on affected installations of Veritas Enterprise Vault. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 6.3. The following CVEs are assigned: CVE-2024-52944.
ZDI-24-1658: Microsoft Edge File Extension Spoofing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-49041.
ZDI-24-1657: Microsoft Windows Directory Traversal Vulnerability
This vulnerability allows remote attackers to delete arbitrary files or disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.8. The following CVEs are assigned: CVE-2024-49082.
ZDI-24-1656: Delta Electronics CNCSoft-G2 DPAX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-47964.
ZDI-24-1676: ManageEngine Analytics Plus getOAToken Exposed Dangerous Method Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of ManageEngine Analytics Plus. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-52323.
ZDI-24-1675: AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11611.