CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,132 vulnerabilities with CWE-434
CVE-2020-23972
HIGH
Joomla Component GMapFP <J3.5/J3.5free - Info Disclosure
CVSS 7.5
CVE-2020-15645
HIGH
Marvell QConvergeConsole < 5.5.00.73 - Remote Code Execution via GWTTestServiceImpl getFileFromURL Path Traversal
CVSS 8.8
CVE-2020-24186
CRITICAL
wpDiscuz 7.0-7.0.4 - Unauthenticated Remote Code Execution via File Upload
CVSS 10.0
CVE-2020-22722
HIGH
Rapid Software LLC Rapid SCADA 5.8.0 - Privilege Escalation
CVSS 7.8
CVE-2020-22721
HIGH
PNotes.NET 3.8.1.2 - Unrestricted Upload of Executable File via External Programs Feature
CVSS 7.8
CVE-2020-17462
HIGH
CMS Made Simple <2.2.14 - Auth Bypass
CVSS 7.8
CVE-2020-7302
MEDIUM
McAfee Data Loss Prevention 11.3.0-11.3.28 - Authenticated Unrestricted File Upload
CVSS 5.4
CVE-2020-6293
MEDIUM
SAP NetWeaver - Unrestricted File Upload
CVSS 6.5
CVE-2020-15649
MEDIUM
Firefox ESR < 68.11 - Unrestricted File Upload via Malicious File Picker
CVSS 5.5
CVE-2020-17452
HIGH
flatcore < 1.5.7 - Authenticated Arbitrary File Upload via PHP File Execution
CVSS 7.2
CVE-2020-14488
HIGH
OpenClinic GA 5.09.02 and 5.89.05b - Authenticated Arbitrary File Upload
CVSS 8.8
CVE-2020-11476
HIGH
Concrete CMS < 8.5.3 - Unrestricted Upload of File with Dangerous Type
CVSS 7.2
CVE-2020-9309
HIGH
Silverstripe CMS < 4.5 - Unrestricted Upload of File with Dangerous Type via MIME Detection
CVSS 8.8
CVE-2020-14066
HIGH
IceWarp Mail Server 12.3.0.1 - Unrestricted Upload of JavaScript Files
CVSS 8.8
CVE-2020-14065
MEDIUM
IceWarp Mail Server 12.3.0.1 - Unrestricted File Upload
CVSS 6.5
CVE-2020-12854
HIGH
SecZetta NEProfile 3.3.11 - Authenticated Remote Code Execution via Malicious JPEG Avatar Upload
CVSS 8.8
CVE-2020-1469
HIGH
Bond 3.0.0-9.0.0 - Denial of Service via Improper Input Parsing
CVSS 7.5
CVE-2020-8181
MEDIUM
Nextcloud Contacts <3.2.0 - Info Disclosure
CVSS 4.3
CVE-2020-13994
HIGH
Mods for HESK 3.1.0-2019.1.0 - Authenticated Remote Code Execution via Ticket Upload
CVSS 8.8
CVE-2020-13443
HIGH
ExpressionEngine < 5.3.2 - Authenticated Arbitrary File Upload and Remote Code Execution via Compose Msg Attachment
CVSS 8.8
CVE-2020-13887
HIGH
Kordil EDMS through 2.2.60rc3 - Remote Command Execution via .php File Upload
CVSS 8.8
CVE-2020-8162
HIGH
Rails <5.2.4.2, <6.0.3.1 - Info Disclosure
CVSS 7.5
CVE-2020-12005
HIGH
FactoryTalk Linx 6.00-6.11 and RSLinx Classic < 4.11.00 - Denial of Service via Malicious EDS File Upload
CVSS 7.5
CVE-2020-4470
HIGH
IBM Spectrum Protect Plus 10.1.0-10.1.5 - Authenticated Arbitrary File Upload and Remote Code Execution
CVSS 8.0
CVE-2020-14067
CRITICAL
Naviwebs Navigatecms - Unrestricted File Upload
CVSS 9.8
Details
Vulnerabilities: 4,132
Exploit Likelihood: Medium