CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,021 vulnerabilities with CWE-434
CVE-2019-13359 HIGH
Webpanel - Unrestricted File Upload
CVSS 7.5
CVE-2019-1010062 CRITICAL
PluckCMS <4.7.4 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2019-10935 HIGH
Siemens Simatic Pcs 7 < 7.2 - Unrestricted File Upload
CVSS 7.2
CVE-2019-10930 HIGH
SIPROTEC 5 - Info Disclosure
CVSS 7.5
CVE-2019-12803 CRITICAL
Hunesion I-onenet < 3.0.53 - Unrestricted File Upload
CVSS 9.8
CVE-2019-0327 HIGH
SAP Netweaver Application Server Java - Unrestricted File Upload
CVSS 7.2
CVE-2019-13464 HIGH
Owasp Modsecurity Core Rule Set - Unrestricted File Upload
CVSS 7.5
CVE-2019-12971 CRITICAL
G-U Bks Ebk Ethernet-buskoppler Pro F... - Unrestricted File Upload
CVSS 9.8
CVE-2019-13294 CRITICAL
Arox School-erp - Authentication Bypass
CVSS 9.8
CVE-2019-7257 CRITICAL
Linear eMerge E3-Series - Unrestricted File Upload
CVSS 10.0
CVE-2019-7268 CRITICAL
Linear eMerge 50P/5000P - Unauthenticated File Upload
CVSS 10.0
CVE-2019-4292 HIGH
IBM Security Guardium 10.5 - RCE
CVSS 8.8
CVE-2019-7274 CRITICAL
Optergy Proton/Enterprise - Code Injection
CVSS 9.8
CVE-2019-7669 HIGH
Prima Systems FlexAir <2.3.38 - Code Injection
CVSS 8.8
CVE-2019-13082 CRITICAL
Chamilo Lms - Unrestricted File Upload
CVSS 9.8
CVE-2019-12744 HIGH
Seeddms < 5.1.11 - Unrestricted File Upload
CVSS 7.5
CVE-2019-9842 HIGH
MiniBlog <2018-05-18 - RCE
CVSS 7.2
CVE-2019-10959 CRITICAL
BD Alaris Gateway Workstation Firmware - Unrestricted File Upload
CVSS 10.0
CVE-2019-7838 CRITICAL
ColdFusion <Update 3 - Code Injection
CVSS 9.8
CVE-2019-4069 HIGH
IBM Intelligent Operations Center < 5.2.0 - Unrestricted File Upload
CVSS 8.8
CVE-2019-4056 MEDIUM
IBM Control Desk - Unrestricted File Upload
CVSS 4.3
CVE-2019-9189 HIGH
Primasystems Flexair < 2.3.38 - Unrestricted File Upload
CVSS 8.8
CVE-2019-9642 CRITICAL
Pydio-core <8.2.2 - Code Injection
CVSS 9.8
CVE-2019-1861 HIGH
Cisco Industrial Network Director - RCE
CVSS 7.2
CVE-2019-5357 HIGH
HPE IMC PLAT <7.3 - RCE
CVSS 8.8