
CVE-2024-11312 – TRCore DVC - Arbitrary File Upload through Path Traversal
https://notcve.org/view.php?id=CVE-2024-11312
18 Nov 2024 — This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. • https://www.twcert.org.tw/en/cp-139-8249-65252-2.html • CWE-23: Relative Path Traversal CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-11311 – TRCore DVC - Arbitrary File Upload through Path Traversal
https://notcve.org/view.php?id=CVE-2024-11311
18 Nov 2024 — This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. • https://www.twcert.org.tw/en/cp-139-8247-83457-2.html • CWE-23: Relative Path Traversal CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-50849
https://notcve.org/view.php?id=CVE-2024-50849
18 Nov 2024 — Cross-Site Scripting (XSS) in the "Rules" functionality in WorldServer 11.8.2 allows a remote authenticated attacker to execute arbitrary code. A Stored Cross-Site Scripting (XSS) vulnerability in the "Rules" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code. • https://github.com/Wh1teSnak3/CVE-2024-50849 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-44757
https://notcve.org/view.php?id=CVE-2024-44757
18 Nov 2024 — An arbitrary file download vulnerability in the component /Basics/DownloadInpFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request. • https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-44757.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-52444 – WordPress Opal Woo Custom Product Variation plugin <= 1.1.3 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-52444
18 Nov 2024 — The Opal Woo Custom Product Variation plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/vulnerability/opal-woo-custom-product-variation/wordpress-opal-woo-custom-product-variation-plugin-1-1-3-arbitrary-file-deletion-vulnerability? • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-862: Missing Authorization •

CVE-2024-50919
https://notcve.org/view.php?id=CVE-2024-50919
18 Nov 2024 — Jpress until v5.1.1 has arbitrary file uploads on the Windows platform, and the construction of non-standard file formats such as .jsp. can lead to arbitrary command execution. • https://gist.github.com/microvorld/516552dcef65acc2d1ab0fb969cd34a3 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-33231
https://notcve.org/view.php?id=CVE-2024-33231
18 Nov 2024 — Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component. • https://github.com/fdzdev/CVE-2024-33231 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-51053
https://notcve.org/view.php?id=CVE-2024-51053
18 Nov 2024 — An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0 allows attackers to execute arbitrary code via uploading a crafted file. • https://binqqer.com/posts/CVE-2024-51053 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2015-20111
https://notcve.org/view.php?id=CVE-2015-20111
18 Nov 2024 — In Bitcoin Core before 0.12, remote code execution was possible in conjunction with CVE-2015-6031 exploitation. • https://bitcoincore.org/en/2024/07/03/disclose_upnp_rce • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2024-52447 – WordPress Contact Page With Google Map plugin <= 1.6.1 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-52447
18 Nov 2024 — The Contact Page With Google Map plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 1.6.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/vulnerability/contact-page-with-google-map/wordpress-contact-page-with-google-map-plugin-1-6-1-arbitrary-file-deletion-vulnerability? • CWE-35: Path Traversal: '.../...//' CWE-862: Missing Authorization •