122 matches found
CVE-2024-11313
The CVE concerns the DVC from TRCore. A Path Traversal vulnerability allows unauthenticated remote attackers to upload arbitrary files to any directory due to lack of file-type restrictions, enabling arbitrary code execution via webshells. Affected component: DVC from TRCore; issue driven by impr...
CVE-2024-11313 TRCore DVC - Arbitrary File Upload through Path Traversal
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells...
CVE-2024-11312 TRCore DVC - Arbitrary File Upload through Path Traversal
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells...
CVE-2024-11311 TRCore DVC - Arbitrary File Upload through Path Traversal
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells...
PT-2024-16905 · Trcore · Trcore Dvc
Name of the Vulnerable Software and Affected Versions: TRCore DVC versions up to 6.3. Description: The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory,...
PT-2024-16903 · Trcore · Trcore's Dvc
Name of the Vulnerable Software and Affected Versions: TRCore's DVC affected versions not specified Description: The issue concerns a Path Traversal vulnerability in TRCore's DVC, which does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary...
CVE-2024-11017
Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server...
CVE-2024-11018
CVE-2024-11018 affects Grand Vice Info Webopac. Public records describe a lack of proper file-type validation that allows unauthenticated remote attackers to upload and execute webshells, potentially enabling arbitrary code execution on the server. Affected versions are stated as up to 6.5.0/7.2....
CVE-2024-11018 Grand Vice info Webopac - Arbitrary File Upload
Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server...
CVE-2024-11017 Grand Vice info Webopac - Arbitrary File Upload
Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server...
CVE-2024-11017
CVE-2024-11017 affects Grand Vice info Webopac. The issue is improper validation of uploaded file types in Webopac, enabling remote attackers with regular privileges to upload and execute webshells, risking arbitrary code execution on the server. Affected versions include Grand Vice Webopac 6.x b...
Grand Vice info Webopac code issue vulnerability
Grand Vice info Webopac is an online public access catalog from China XinXueYing Info Grand Vice info. It is used for users to access library services over the Internet. A code issue vulnerability exists in Grand Vice info Webopac versions 6.x prior to 6.5.1 and 7.x prior to 7.2.3, which stems fr...
CVE-2024-10201
Administrative Management System from Wellchoose does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells...
CVE-2024-10201 Wellchoose Administrative Management System - Arbitrary File Upload
Administrative Management System from Wellchoose does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells...
CVE-2024-10201
The CVE-2024-10201 entry concerns Wellchoose's Administrative Management System, where improper validation of uploaded file types enables remote attackers with regular privileges to upload and execute webshells. CVSS 3.1 base score 8.8 (HIGH) indicates high impact on confidentiality, integrity, a...
CVE-2024-46540
CVE-2024-46540 affects Emlog Pro prior to v2.3.15. The vulnerability resides in the /admin/store.php component and enables remote code execution: an attacker can use the remote file download and self-extract functions to upload web shells and gain system privileges. Documented impact: potential...
Imperva uncovers new Indicators of Compromise for FBI and CISA-flagged AndroxGh0st botnet
On January 16, a joint alert from FBI and CISA warned about a concerning development: the emergence of a botnet driven by AndroxGh0st malware targeting vulnerable applications and web servers. AndroxGh0st is a Python-based malware, first seen in late 2022, designed to target Laravel .env files an...