CVE-2024-27174 – insecure upload
https://notcve.org/view.php?id=CVE-2024-27174
Remote Command program allows an attacker to get Remote Code Execution. ... • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-27173 – insecure upload
https://notcve.org/view.php?id=CVE-2024-27173
Remote Command program allows an attacker to get Remote Code Execution by overwriting existing Python files containing executable code. ... • https://github.com/Ieakd/0day-POC-for-CVE-2024-27173 http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-27172 – Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-27172
Remote Command program allows an attacker to get Remote Code Execution. ... • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-27171 – Insecure permissions
https://notcve.org/view.php?id=CVE-2024-27171
A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-276: Incorrect Default Permissions
CVE-2024-27155 – Local Privilege Escalation and Remote Code Execution using insecure permissions
https://notcve.org/view.php?id=CVE-2024-27155
The programs can be replaced by malicious programs by any local or remote attacker. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-276: Incorrect Default Permissions