CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11314 – TRCore DVC - Arbitrary File Upload through Path Traversal
https://notcve.org/view.php?id=CVE-2024-11314
This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. • https://www.twcert.org.tw/en/cp-139-8253-bc363-2.html https://www.twcert.org.tw/tw/cp-132-8252-91d6a-1.html • CWE-23: Relative Path Traversal CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11313 – TRCore DVC - Arbitrary File Upload through Path Traversal
https://notcve.org/view.php?id=CVE-2024-11313
This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. • https://www.twcert.org.tw/en/cp-139-8251-3455e-2.html https://www.twcert.org.tw/tw/cp-132-8250-1837b-1.html • CWE-23: Relative Path Traversal CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11312 – TRCore DVC - Arbitrary File Upload through Path Traversal
https://notcve.org/view.php?id=CVE-2024-11312
This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. • https://www.twcert.org.tw/en/cp-139-8249-65252-2.html https://www.twcert.org.tw/tw/cp-132-8248-8dac9-1.html • CWE-23: Relative Path Traversal CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11311 – TRCore DVC - Arbitrary File Upload through Path Traversal
https://notcve.org/view.php?id=CVE-2024-11311
This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. • https://www.twcert.org.tw/en/cp-139-8247-83457-2.html https://www.twcert.org.tw/tw/cp-132-8246-d462a-1.html • CWE-23: Relative Path Traversal CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-50919
https://notcve.org/view.php?id=CVE-2024-50919
Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of non-standard file formats such as .jsp. can lead to arbitrary command execution • https://gist.github.com/microvorld/516552dcef65acc2d1ab0fb969cd34a3 https://github.com/JPressProjects/jpress https://github.com/microvorld/CVE-2024/blob/main/jpress.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •