122 matches found
CVE-2025-3928 Commvault Web Server unspecified vulnerability
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217...
VulnCheck KEV: CVE-2025-3928
Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells...
CVE-2024-11979
DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells...
CVE-2024-11979 Interinfo DreamMaker - Unrestricted File Upload through Path Traversal
DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells...
PT-2024-17380 · Interinfo · Dreammaker
Name of the Vulnerable Software and Affected Versions: DreamMaker from Interinfo affected versions not specified Description: The issue allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. This is due to a...
CVE-2024-11680
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation...
CVE-2024-11680 ProjectSend Unauthenticated Configuration Modification
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation...
CVE-2024-11680 ProjectSend Unauthenticated Configuration Modification
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation...
CVE-2024-11680
ProjectSend exposes an improper authentication/authorization vulnerability that affects versions prior to r1720 (r1605 and older per sources). An unauthenticated remote attacker can exploit crafted requests to options.php to modify configuration, enabling account creation, file uploads (including...
CVE-2024-11680
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application’s configuration. Successful exploitation...
CVE-2024-11315
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells...
CVE-2024-11314
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells...
CVE-2024-11314
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells...
CVE-2024-11313
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells...
CVE-2024-11311
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells...
CVE-2024-11315 TRCore DVC - Arbitrary File Upload through Path Traversal
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells...
CVE-2024-11314 TRCore DVC - Arbitrary File Upload through Path Traversal
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells...
CVE-2024-11314
The CVE refers to TRCore DVC, which has a Path Traversal vulnerability with unrestricted upload file types, enabling unauthenticated remote attackers to upload arbitrary files to any directory and achieve arbitrary code execution via web shells. Concrete details found in connected PT-2024-16905 i...
CVE-2024-11314 TRCore DVC - Arbitrary File Upload through Path Traversal
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells...
CVE-2024-11313 TRCore DVC - Arbitrary File Upload through Path Traversal
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells...