CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,130 vulnerabilities with CWE-434
CVE-2021-40845
HIGH
Zenitel AlphaCom XE Audio Server <11.2.3.10 - Code Injection
CVSS 8.8
CVE-2021-36582
CRITICAL
Kooboo CMS 2.1.1.0 - Command Injection
CVSS 9.8
CVE-2021-36581
CRITICAL
Kooboo CMS 2.1.1.0 - Code Injection
CVSS 9.8
CVE-2021-24620
HIGH
Simple Ecommerce Shopping Cart Plugin < 2.2.5 - Authenticated Arbitrary File Upload via Downloadable Product Feature
CVSS 8.8
CVE-2021-24493
CRITICAL
Shopp WordPress Plugin < 1.4 - Unauthenticated Arbitrary File Upload via shopp_upload_file AJAX Action
CVSS 9.8
CVE-2021-24490
MEDIUM
Email Artillery WordPress Plugin < 4.1 - Unauthenticated Arbitrary File Upload via Import Emails Feature
CVSS 6.8
CVE-2021-36440
CRITICAL
showdoc < 2.9.6 - Unauthenticated Arbitrary File Upload via file_url Parameter
CVSS 9.8
CVE-2021-38841
HIGH
Simple Water Refilling Station Management System 1.0 - RCE
CVSS 8.8
CVE-2021-40531
CRITICAL
Sketch < 75 - Remote Code Execution via Library Feed File Quarantine Bypass
CVSS 9.8
CVE-2021-40524
HIGH
Pure-FTPd 1.0.23-1.0.49 - Unrestricted File Upload and Denial of Service via Incorrect Max Filesize Quota
CVSS 7.5
CVE-2021-36042
CRITICAL
Adobe Commerce/Magento Open Source <=2.4.2-p1 - Admin File Upload Code Execution
CVSS 9.1
CVE-2021-36040
CRITICAL
Adobe Commerce/Magento Open Source <=2.4.2-p1 - Admin File Extension Bypass Code Execution
CVSS 9.1
CVE-2021-29907
HIGH
IBM OpenPages with Watson 8.1-8.2 - Authenticated Arbitrary File Upload
CVSS 8.8
CVE-2021-36356
CRITICAL
Kramer VIAware < 2021-08 - Remote Code Execution via ajaxPages/writeBrowseFilePathAjax.php
CVSS 9.8
CVE-2021-32955
CRITICAL
Delta Electronics DIAEnergie <1.7.5 - RCE
CVSS 9.8
CVE-2021-40175
CRITICAL
Zoho ManageEngine Log360 <Build 5219 - RCE
CVSS 9.8
CVE-2021-33884
MEDIUM
B. Braun SpaceCom2 < 012U000062 - Unrestricted Upload of File with Dangerous Type via Webpage API
CVSS 6.5
CVE-2021-38613
CRITICAL
NASCENT RemKon Device Mgr <4.0.0.0 - RCE
CVSS 9.8
CVE-2021-39608
HIGH
FlatCore-CMS 2.0.7 - Remote Code Execution via Upload Addon Plugin
CVSS 7.2
CVE-2021-39154
HIGH
XStream < 1.4.18 - Remote Code Execution via Untrusted Data Deserialization
CVSS 8.5
CVE-2021-39153
HIGH
XStream < 1.4.18 - Remote Code Execution via Untrusted Data Deserialization
CVSS 8.5
CVE-2021-39151
HIGH
XStream < 1.4.18 - Remote Code Execution via Untrusted Data Deserialization
CVSS 8.5
CVE-2021-39149
HIGH
XStream < 1.4.18 - Remote Code Execution via Untrusted Data Deserialization
CVSS 8.5
CVE-2021-39148
HIGH
XStream < 1.4.18 - Remote Code Execution via Untrusted Data Deserialization
CVSS 8.5
CVE-2021-39147
HIGH
XStream < 1.4.18 - Remote Code Execution via Untrusted Data Deserialization
CVSS 8.5
Details
Vulnerabilities: 4,130
Exploit Likelihood: Medium