
CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Mar 2025 — The U-Office Force from e-Excellence has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. • https://www.twcert.org.tw/en/cp-139-10014-69aa5-2.html • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Mar 2025 — The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to use a particular API and alter cookies to log in as an administrator. • https://www.twcert.org.tw/en/cp-139-10012-d5bbc-2.html • CWE-565: Reliance on Cookies without Validation and Integrity Checking

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Aug 2023 — The e-Excellence U-Office Force file uploading function does not restrict the upload of files with dangerous types. An unauthenticated remote attacker, without logging in to the service, can exploit this vulnerability to upload arbitrary files in order to execute arbitrary commands or disrupt service. • https://www.twcert.org.tw/tw/cp-132-7330-94442-1.html • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Aug 2023 — e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary system files, but cannot control the system or disrupt service. • https://www.twcert.org.tw/tw/cp-132-7329-d8e4c-1.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Aug 2023 — e-Excellence U-Office Force generates an error message in its website service. An unauthenticated remote attacker can obtain partial sensitive system information from the error message by sending a crafted command. • https://www.twcert.org.tw/tw/cp-132-7328-d4112-1.html • CWE-209: Generation of Error Message Containing Sensitive Information

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Oct 2022 — The U-Office Force Forum function has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript and perform an XSS (Stored Cross-Site Scripting) attack. • https://www.twcert.org.tw/tw/cp-132-6642-bf567-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Oct 2022 — The U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform an XSS (Stored Cross-Site Scripting) attack. • https://www.twcert.org.tw/tw/cp-132-6641-55796-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Oct 2022 — The U-Office Force PrintMessage function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform an XSS (Reflected Cross-Site Scripting) attack. • https://www.twcert.org.tw/tw/cp-132-6640-e74a3-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Oct 2022 — The U-Office Force Bulletin function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform an XSS (Reflected Cross-Site Scripting) attack. • https://www.twcert.org.tw/tw/cp-132-6639-fad13-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Oct 2022 — The U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system files. • https://www.twcert.org.tw/tw/cp-132-6638-08596-1.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')