CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-11018 – Grand Vice info Webopac - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-11018
11 Nov 2024 — Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server. • https://www.twcert.org.tw/en/cp-139-8214-64fa2-2.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-11017 – Grand Vice info Webopac - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-11017
11 Nov 2024 — Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server. • https://www.twcert.org.tw/en/cp-139-8212-a7d3a-2.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 1CVE-2024-41992
https://notcve.org/view.php?id=CVE-2024-41992
11 Nov 2024 — For example, on Arcadyan FMIMG51AX000J devices, this leads to wfaTGSendPing remote code execution as root via traffic to TCP port 8000 or 8080 on a LAN interface. • https://ssd-disclosure.com/ssd-advisory-arcadyan-fmimg51ax000j-wifi-alliance-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-50636
https://notcve.org/view.php?id=CVE-2024-50636
11 Nov 2024 — PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE). This vulnerability arises because PyMOL treats .PYM files as Python scripts without properly validating or restricting the commands within the script, enabling atta... • https://github.com/schrodinger/pymol-open-source/issues/405 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52369 – WordPress KBucket plugin <= 4.1.6 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52369
11 Nov 2024 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/kbucket/wordpress-kbucket-plugin-4-1-6-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52370 – WordPress Hive Support – WordPress Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin <= 1.1.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52370
11 Nov 2024 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/hive-support/wordpress-hive-support-wordpress-help-desk-live-chat-ai-chat-bot-plugin-for-wordpress-plugin-1-1-1-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52372 – WordPress Easy CSV Importer plugin <= 7.0.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52372
11 Nov 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/easy-csv-importer/wordpress-easy-csv-importer-plugin-7-0-0-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52373 – WordPress Devexhub Gallery plugin <= 2.0.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52373
11 Nov 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/devexhub-gallery/wordpress-devexhub-gallery-plugin-2-0-1-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52374 – WordPress Do That Task plugin <= 1.5.5 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52374
11 Nov 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/do-that-task/wordpress-do-that-task-plugin-1-5-5-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52375 – WordPress Datasets Manager by Arttia Creative plugin <= 1.5 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52375
11 Nov 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/datasets-manager-by-arttia-creative/wordpress-datasets-manager-by-arttia-creative-plugin-1-5-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •