all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ZDI-24-781: PaperCut NG generateNextFileName Directory Traversal Remote Code Execution Vulnerability

Add to bookmarks
June 18, 2024, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-1654.

arbitrary code attackers authentication code code execution cve cve-2024 cves cvss directory directory traversal exploit papercut rating remote code remote code execution vulnerability zdi

Visit resource

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-882: VMware vCenter Server Appliance License Server Uncontrolled Memory Allocation Denial-of-Service Vulnerability 1 day, 15 hours ago | www.zerodayinitiative.com
attackers authentication cve cve-2024 +16
ZDI-24-840: (Pwn2Own) Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability 5 days, 15 hours ago | www.zerodayinitiative.com
arbitrary code attackers authentication buffer +25
ZDI-24-839: (Pwn2Own) Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability 5 days, 15 hours ago | www.zerodayinitiative.com
arbitrary code attackers authentication cam +21
ZDI-24-838: (Pwn2Own) Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability 5 days, 15 hours ago | www.zerodayinitiative.com
arbitrary code attackers authentication cam +23
ZDI-24-837: (Pwn2Own) Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability 5 days, 15 hours ago | www.zerodayinitiative.com
arbitrary code attackers authentication buffer +24
ZDI-24-836: (Pwn2Own) Synology BC500 update_ntp_config Command Injection Remote Code Execution Vulnerability 5 days, 15 hours ago | www.zerodayinitiative.com
arbitrary code attackers authentication cameras +16
ZDI-24-835: (Pwn2Own) Synology BC500 Protection Mechanism Failure Software Downgrade Vulnerability 5 days, 15 hours ago | www.zerodayinitiative.com
attackers authentication cameras cvss +11
ZDI-24-834: (Pwn2Own) Synology BC500 Improper Compartmentalization Local Privilege Escalation Vulnerability 5 days, 15 hours ago | www.zerodayinitiative.com
attacker attackers cameras code +18
ZDI-24-833: (Pwn2Own) Synology BC500 synocam_param.cgi Stack-based Buffer Overflow Remote Code Execution Vulnerability 5 days, 15 hours ago | www.zerodayinitiative.com
arbitrary code attackers authentication buffer +17

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Technology Specialist I: Windows Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, California
View on infosec-jobs.com

Information Technology Specialist I, LACERA: Information Security Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA
View on infosec-jobs.com

Account Executive - Secureworks Direct Sales - US Remote Philadelphia

@ Dell Technologies | Remote - Pennsylvania, United States
View on infosec-jobs.com

SATCOM Technician - Shariki, Japan - Secret Clearance (Onsite)

@ RTX | RVA99: RTN Remote, Virginia
View on infosec-jobs.com

Senior Test Engineer

@ Commonwealth Bank | Bengaluru - Manyata Tech Park Road
View on infosec-jobs.com

Lead Developer - Pipeline & Algorithms

@ Arctic Wolf | Waterloo
View on infosec-jobs.com