CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,021 vulnerabilities with CWE-434
CVE-2019-25616 MEDIUM
AnMing MP3 CD Burner 2.0 Local Denial of Service
CVSS 6.2
CVE-2019-25582 MEDIUM
i-doit CMDB 1.12 Arbitrary File Download via file_manager Parameter
CVSS 6.5
CVE-2019-25580 HIGH
ownDMS 4.7 SQL Injection via pdfstream.php imagestream.php
CVSS 8.2
CVE-2019-25296 CRITICAL
WP Cost Estimation <9.642 - RCE
CVSS 9.8
CVE-2019-25229 HIGH
Kentico Xperience - Unrestricted File Upload
CVSS 8.8
CVE-2019-25138 CRITICAL
User Submitted Posts <20190312 - RCE
CVSS 9.8
CVE-2019-18643 CRITICAL
Rock RMS <8.10, 9.0-9.3 - RCE
CVSS 9.8
CVE-2019-1888 HIGH
Cisco Unified CCX - RCE
CVSS 7.2
CVE-2019-20897 MEDIUM
Atlassian Jira < 8.5.4 - Unrestricted File Upload
CVSS 6.5
CVE-2019-15123 HIGH
Vikisolutions Vera - Unrestricted File Upload
CVSS 7.2
CVE-2019-16066 HIGH
NETSAS Enigma NMS <65.0.0 - Code Injection
CVSS 8.8
CVE-2019-11074 HIGH
Paessler Prtg Network Monitor < 19.1.49 - Unrestricted File Upload
CVSS 7.2
CVE-2019-20451 CRITICAL
Samsung Prismview Player 11 - Unrestricted File Upload
CVSS 9.8
CVE-2019-16514 HIGH
ConnectWise Control <19.3.25270.7185 - RCE
CVSS 7.2
CVE-2019-20385 HIGH
Logaritmo Aware Callmanager - Unrestricted File Upload
CVSS 8.8
CVE-2019-20183 HIGH
Employee Records System - Unrestricted File Upload
CVSS 7.2
CVE-2019-16790 MEDIUM
Tiny File Manager <2.3.9 - RCE
CVSS 6.5
CVE-2019-20048 HIGH
Al-enterprise Omnivista 8770 < 4.1.12 - Unrestricted File Upload
CVSS 7.2
CVE-2019-19925 HIGH
Sqlite < 1.0.1.1 - Unrestricted File Upload
CVSS 7.5
CVE-2019-8293 CRITICAL
Abcprintf Upload-image-with-ajax - Unrestricted File Upload
CVSS 9.8
CVE-2019-19634 CRITICAL
verot.net class.upload <2.0.4 - Info Disclosure
CVSS 9.8
CVE-2019-19745 HIGH
Contao < 4.4.45 - Unrestricted File Upload
CVSS 8.8
CVE-2019-18320 HIGH
Siemens Sppa-t3000 Application Server < r8.2 - Authentication Bypass
CVSS 7.5
CVE-2019-18313 CRITICAL
Siemens Sppa-t3000 Ms3000 Migration Server - Unrestricted File Upload
CVSS 9.8
CVE-2019-18288 HIGH
Siemens Sppa-t3000 Application Server < r8.2 - Out-of-Bounds Write
CVSS 8.8