CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11312 – TRCore DVC - Arbitrary File Upload through Path Traversal
https://notcve.org/view.php?id=CVE-2024-11312
This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. • https://www.twcert.org.tw/en/cp-139-8249-65252-2.html https://www.twcert.org.tw/tw/cp-132-8248-8dac9-1.html • CWE-23: Relative Path Traversal CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11311 – TRCore DVC - Arbitrary File Upload through Path Traversal
https://notcve.org/view.php?id=CVE-2024-11311
This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. • https://www.twcert.org.tw/en/cp-139-8247-83457-2.html https://www.twcert.org.tw/tw/cp-132-8246-d462a-1.html • CWE-23: Relative Path Traversal CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2015-20111
https://notcve.org/view.php?id=CVE-2015-20111
In Bitcoin Core before 0.12, remote code execution was possible in conjunction with CVE-2015-6031 exploitation. • https://bitcoincore.org/en/2024/07/03/disclose_upnp_rce https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures https://github.com/miniupnp/miniupnp/commit/4c90b87ce3d2517097880279e8c3daa7731100e6 https://github.com/miniupnp/miniupnp/pull/157 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-50919
https://notcve.org/view.php?id=CVE-2024-50919
Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of non-standard file formats such as .jsp. can lead to arbitrary command execution • https://gist.github.com/microvorld/516552dcef65acc2d1ab0fb969cd34a3 https://github.com/JPressProjects/jpress https://github.com/microvorld/CVE-2024/blob/main/jpress.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-51053
https://notcve.org/view.php?id=CVE-2024-51053
An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0 allows attackers to execute arbitrary code via uploading a crafted file. • https://binqqer.com/posts/CVE-2024-51053 https://vulners.com/packetstorm/PACKETSTORM:173122 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •