CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10590 – Opt-In Downloads <= 4.07 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-10590
11 Dec 2024 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Due to the presence of an .htaccess file, this can only be exploited to achieve RCE on NGINX servers, unless another vulnerability is present. • https://codecanyon.net/item/subscribe-download/2687305 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 12CVE-2024-53677 – Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks
https://notcve.org/view.php?id=CVE-2024-53677
11 Dec 2024 — An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. ... • https://packetstorm.news/files/id/183165 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 3.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-12548 – Tungsten Automation Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-12548
11 Dec 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-12549 – Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-12549
11 Dec 2024 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-11611 – AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11611
11 Dec 2024 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-12551 – Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-12551
11 Dec 2024 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-11609 – AutomationDirect C-More EA9 EAP9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11609
11 Dec 2024 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 3.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-12550 – Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-12550
11 Dec 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-11610 – AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11610
11 Dec 2024 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12040 – Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.10 - Authenticated (Contributor+) Local File Inclusion via 'theme'
https://notcve.org/view.php?id=CVE-2024-12040
11 Dec 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://plugins.trac.wordpress.org/changeset/3203986/woo-product-carousel-slider-and-grid-ultimate/tags/1.10.0/includes/classes/class-shortcode.php • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •