CWE-434: Unrestricted Upload of File with Dangerous Type

Exploit likelihood: Medium
Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. The typical case in the entries below is a web application that accepts a file with a server-side script extension (for example .php) and stores it under the web root, where the server executes it on the next request; the same weakness covers import or backup features that write attacker-controlled files to paths the application later loads.
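
The following is an added example and is not code from the CWE entry or from any product listed on this page. It contrasts the pattern behind many of these findings (a short extension denylist plus trust in the client-supplied Content-Type) with a handler that decides by an extension allowlist and magic bytes, ignores the client's filename except to pick the extension, and stores the data under a server-chosen name with O_EXCL. The allowlist in ALLOWED_TYPES, the MAX_BYTES limit, the function names and the sample payloads are constructed for this example.

```python
"""Checks an upload handler needs to avoid CWE-434.

Added example, not code from any product on this page. The allowlist,
size limit and sample payloads are constructed for illustration.
"""
import os
import secrets
from dataclasses import dataclass

MAX_BYTES = 5 * 1024 * 1024  # constructed limit for the example

# Allowed extension -> magic-byte prefixes the content must begin with.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}


@dataclass
class Verdict:
    accepted: bool
    reason: str
    stored_name: str = ""  # server-chosen name, never the client's


def vulnerable_accept(filename: str, content_type: str) -> bool:
    """The pattern behind many CWE-434 findings: trusts the client-supplied
    Content-Type and blocks only a short denylist of extensions."""
    denied = {".php", ".exe"}
    ext = os.path.splitext(filename.lower())[1]
    return content_type.startswith("image/") and ext not in denied


def validate_upload(filename: str, data: bytes) -> Verdict:
    """Decide by an extension allowlist plus magic bytes; Content-Type is
    never consulted because the client controls it."""
    if len(data) > MAX_BYTES:
        return Verdict(False, "too large")
    # Drop any client-supplied path components (../, C:\, ...).
    base = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in base:
        return Verdict(False, "null byte in filename")
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    magics = ALLOWED_TYPES.get(ext)
    if magics is None:
        return Verdict(False, f"extension {ext!r} not in allowlist")
    if not any(data.startswith(m) for m in magics):
        return Verdict(False, "content does not match claimed type")
    # The stored name is generated server-side, so whatever the client called
    # the file (shell.php.png, ../../x.png) never reaches the filesystem.
    return Verdict(True, "ok", f"{secrets.token_hex(16)}.{ext}")


def store(verdict: Verdict, upload_dir: str, data: bytes) -> str:
    """Write with O_EXCL so an existing file is never overwritten. upload_dir
    must be outside the web root or served with script execution disabled."""
    if not verdict.accepted:
        raise ValueError(verdict.reason)
    path = os.path.join(upload_dir, verdict.stored_name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


if __name__ == "__main__":
    # Constructed samples: a PHP web shell with a spoofed type, a PNG header.
    shell = b"<?php system($_GET['c']); ?>"
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    print(vulnerable_accept("shell.php5", "image/png"))    # True: denylist miss
    print(vulnerable_accept("shell.phtml", "image/jpeg"))  # True: denylist miss
    print(validate_upload("shell.php5", shell))            # rejected: extension
    print(validate_upload("shell.png", shell))             # rejected: bad magic
    print(validate_upload("../../etc/x.png", png))         # accepted, renamed
```

The magic-byte check only confirms that the first bytes look like the claimed format; a valid image that also carries PHP or JavaScript (a polyglot) still passes. That is why the hardened path also stores under a server-chosen name, in a directory the web server does not execute scripts from, and why the files should be served back with a fixed Content-Type and X-Content-Type-Options: nosniff rather than with the name or type the client sent.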

4,133 vulnerabilities with CWE-434 (25 listed here)

CVE ID          Severity  CVSS  Title
CVE-2019-16790  MEDIUM    6.5   Tiny File Manager < 2.3.9 - Authenticated Remote Code Execution via Upload from URL and Edit/Rename
CVE-2019-20048  HIGH      7.2   Alcatel-Lucent OmniVista 8770 < 4.1.12 - Authenticated Remote Code Execution via PHP File Upload
CVE-2019-19925  HIGH      7.5   SQLite 3.30.1 - Unrestricted Upload of File with Dangerous Type via zipfileUpdate
CVE-2019-8293   CRITICAL  9.8   upload-image-with-ajax v1.0 - Unrestricted File Upload
CVE-2019-19634  CRITICAL  9.8   verot.net class.upload <2.0.4 - Info Disclosure
CVE-2019-19745  HIGH      8.8   Contao 4.0-4.8.5 - Authenticated Arbitrary File Upload and Remote Code Execution via Form Generator
CVE-2019-18320  HIGH      7.5   SPPA-T3000 Application Server < R8.2 SP2 - Unauthenticated Arbitrary File Upload
CVE-2019-18313  CRITICAL  9.8   SPPA-T3000 MS3000 Migration Server - Remote Code Execution via RPC Service
CVE-2019-18288  HIGH      8.8   SPPA-T3000 Application Server < R8.2 SP2 - Authenticated Remote Code Execution via Unsecured File Upload
CVE-2019-15936  CRITICAL  9.8   Intesync Solismed 3.3sp - Insecure File Upload
CVE-2019-4612   HIGH      8.8   IBM Planning Analytics 2.0 - Code Injection
CVE-2019-19684  HIGH      8.8   nopCommerce v4.2.0 - Privilege Escalation
CVE-2019-19595  CRITICAL  9.8   Adobe Stock API Integration 4.8 for PrestaShop - Remote Code Execution via File Upload
CVE-2019-19594  CRITICAL  9.8   Adobe Stock API Integration for PrestaShop - Remote Code Execution via .php File Upload
CVE-2019-11216  MEDIUM    6.5   BMC Remedy Smart Reporting 9.1.03 - Authenticated XML External Entity Injection via Import Functionality
CVE-2019-19576  CRITICAL  9.8   verot.net class.upload <2.0.4 - Info Disclosure
CVE-2019-4130   HIGH      8.8   IBM Cloud Pak System 2.3 and 2.3.0.1 - Unrestricted File Upload
CVE-2019-19020  HIGH      7.2   TitanHQ WebTitan < 5.18 - Authenticated Arbitrary File Write via Backup File Upload
CVE-2019-19493  MEDIUM    5.4   Kentico Xperience 9.0-12.0.49 - Cross-Site Scripting via Inconsistent Content-Type Header
CVE-2019-19468  HIGH      7.8   Free Photo Viewer 1.3 - Remote Code Execution via Crafted BMP/TIFF File
CVE-2019-17403  HIGH      8.8   Nokia IMPACT < 18a - Remote Code Execution via Unrestricted File Upload
CVE-2019-12409  CRITICAL  9.8   Apache Solr 8.1.1-8.2.0 - Unauthenticated Remote Code Execution via Insecure JMX Configuration
CVE-2019-12271  CRITICAL  9.8   Sandline Centraleyezer - Info Disclosure
CVE-2019-19084  MEDIUM    4.3   Octopus Deploy <2019.10.4 - Info Disclosure
CVE-2019-17058  CRITICAL  9.1   Footy Tipping Software AFL Web Edition 2019 - Authenticated Remote Code Execution via Whitelist Bypass