CVE-2024-11313 – TRCore DVC - Arbitrary File Upload through Path Traversal
https://notcve.org/view.php?id=CVE-2024-11313
This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. • https://www.twcert.org.tw/en/cp-139-8251-3455e-2.html https://www.twcert.org.tw/tw/cp-132-8250-1837b-1.html • CWE-23: Relative Path Traversal CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-11312 – TRCore DVC - Arbitrary File Upload through Path Traversal
https://notcve.org/view.php?id=CVE-2024-11312
This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. • https://www.twcert.org.tw/en/cp-139-8249-65252-2.html https://www.twcert.org.tw/tw/cp-132-8248-8dac9-1.html • CWE-23: Relative Path Traversal CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-11311 – TRCore DVC - Arbitrary File Upload through Path Traversal
https://notcve.org/view.php?id=CVE-2024-11311
This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. • https://www.twcert.org.tw/en/cp-139-8247-83457-2.html https://www.twcert.org.tw/tw/cp-132-8246-d462a-1.html • CWE-23: Relative Path Traversal CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-50919
https://notcve.org/view.php?id=CVE-2024-50919
Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of non-standard file formats such as .jsp. can lead to arbitrary command execution • https://gist.github.com/microvorld/516552dcef65acc2d1ab0fb969cd34a3 https://github.com/JPressProjects/jpress https://github.com/microvorld/CVE-2024/blob/main/jpress.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-52945
https://notcve.org/view.php?id=CVE-2024-52945
An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user to execute the commands, a malicious DLL could be loaded, resulting in execution of the attacker's code in the user's security context. • https://www.veritas.com/content/support/en_US/security/VTS24-012 • CWE-94: Improper Control of Generation of Code ('Code Injection') •