CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,133 vulnerabilities with CWE-434
CVE-2020-14067
CRITICAL
Naviwebs Navigatecms - Unrestricted File Upload
CVSS 9.8
CVE-2020-13855
HIGH
Artica Pandora FMS 7.44 - Unauthenticated Arbitrary File Upload via File Repository Manager
CVSS 7.2
CVE-2020-13852
HIGH
Artica Pandora FMS 7.44 - Unauthenticated Arbitrary File Upload via File Manager
CVSS 7.2
CVE-2020-12800
CRITICAL
WordPress Drag and Drop Multi File Uploader RCE
CVSS 9.8
CVE-2020-12846
HIGH
Zimbra Collaboration Suite < 8.8.15 and 9.x < 9.0.0 - Remote Code Execution via Avatar File Upload
CVSS 8.0
CVE-2020-12675
HIGH
mappress-google-maps-for-wordpress <2.54.6 - RCE
CVSS 8.8
CVE-2020-13442
CRITICAL
DEXT5 < 2.7.1402870 - Remote Code Execution via dext5handler.jsp File Upload
CVSS 9.8
CVE-2020-13384
HIGH
Monstra CMS 3.0.4 - Authenticated Arbitrary PHP File Upload via .php7 Extension
CVSS 8.8
CVE-2020-1112
CRITICAL
Windows BITS IIS Module - Unrestricted File Upload and Privilege Escalation
CVSS 9.9
CVE-2020-1102
HIGH
Microsoft SharePoint Enterprise Server - Remote Code Execution via Unchecked Application Package Markup
CVSS 8.8
CVE-2020-1024
HIGH
Microsoft SharePoint - Remote Code Execution via Unchecked Application Package Source Markup
CVSS 8.8
CVE-2020-1023
HIGH
Microsoft SharePoint - Remote Code Execution via Unchecked Application Package Source Markup
CVSS 8.8
CVE-2020-12828
CRITICAL
AnchorFree VPN SDK <1.3.3.218 - Code Injection
CVSS 9.8
CVE-2020-13241
HIGH
Microweber 1.1.18 - Unrestricted File Upload
CVSS 7.8
CVE-2020-11807
HIGH
Sourcefabric Newscoop 4.4.7 - Authenticated Arbitrary PHP Code Execution via Avatar Upload
CVSS 7.8
CVE-2020-12255
HIGH
rConfig 3.9.4 - Remote Code Execution via Unrestricted File Upload
CVSS 8.8
CVE-2020-13128
HIGH
GWTUpload 1.0.3 - Denial of Service via Delay Parameter
CVSS 7.5
CVE-2020-13126
CRITICAL
Elementor Pro < 2.9.4 - Authenticated Remote Code Execution via Arbitrary File Upload
CVSS 9.9
CVE-2020-5577
HIGH
Movable Type <7.2.1, <6.5.3, <6.3.11 - Path Traversal
CVSS 8.8
CVE-2020-11108
HIGH
Pi-Hole heisenbergCompensator Blocklist OS Command Execution
CVSS 8.8
CVE-2020-5880
HIGH
Om BIG-IP <15.0.1.3-14.1.2.3 - File Upload
CVSS 7.1
CVE-2020-11943
HIGH
Open-AudIT 3.2.2 - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2020-12252
MEDIUM
Gigamon GigaVUE 5.4-5.4.04 - Authenticated Unrestricted File Upload via Filename Parameter
CVSS 6.2
CVE-2020-11817
CRITICAL
Rukovoditel 2.5.2 - Unauthenticated Arbitrary File Upload via Maintenance Mode
CVSS 9.8
CVE-2020-12077
HIGH
MapPress < 2.53.9 - Unauthenticated Remote Code Execution via AJAX Function
CVSS 8.8
Details
Vulnerabilities: 4,133
Exploit Likelihood: Medium