CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,133 vulnerabilities with CWE-434
CVE-2018-25158
HIGH
Chamilo LMS 1.11.8 - Authenticated RCE
CVSS 8.8
CVE-2018-25114
CRITICAL
osCommerce Online Merchant <2.3.4.1 - RCE
CVE-2018-25019
HIGH
LearnDash LMS WordPress Plugin < 2.5.4 - Unauthenticated Arbitrary File Upload via learndash_assignment_process_init()
CVSS 7.5
CVE-2018-21244
CRITICAL
Foxit PhantomPDF < 8.3.6 - Arbitrary Application Execution via PDF Portfolio
CVSS 9.8
CVE-2018-21243
MEDIUM
Foxit PhantomPDF < 8.3.6 - Unrestricted Upload of File with Dangerous Type via COM Object Mishandling
CVSS 6.5
CVE-2018-19798
HIGH
Fleetco Fleet Maintenance Management < 1.2 - Authenticated Remote Code Execution via PHP File Upload
CVSS 8.8
CVE-2018-17058
HIGH
JABA XPress Online Shop <2018-09-14 - Code Injection
CVSS 8.8
CVE-2018-18930
HIGH
Tightrope Media Carousel < 7.0.4.104 - Authenticated Remote Code Execution via Bulletin Upload Feature
CVSS 8.8
CVE-2018-21024
CRITICAL
Centreon < 2.8.27 - Unauthenticated Arbitrary File Upload via licenseUpload.php
CVSS 9.8
CVE-2018-18572
HIGH
osCommerce 2.3.4.1 - Authenticated Arbitrary PHP File Upload via .pht Extension Bypass
CVSS 7.2
CVE-2018-20926
MEDIUM
cPanel 61.9999.55-62.0.42 - Local Privilege Escalation via WHM Locale XML Upload
CVSS 6.7
CVE-2018-20925
MEDIUM
cPanel 61.9999.55-62.0.42 - Local Privilege Escalation via WHM Legacy Language File Upload
CVSS 6.7
CVE-2018-19612
HIGH
Westermo DR-250 and DR-260 Firmware Pre-5162 - Unrestricted Upload of File with Dangerous Type via /uploadfile
CVSS 8.8
CVE-2018-4063
HIGH
KEV
Sierra Wireless ALEOS < 4.4.9 - Authenticated Remote Code Execution via upload.cgi
CVSS 8.8
CVE-2018-19453
HIGH
Kentico Xperience < 11.0.45 - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2018-20526
CRITICAL
Roxy Fileman 1.4.5 - Unrestricted File Upload via upload.php
CVSS 9.8
CVE-2018-19514
CRITICAL
ens/webgalamb < 7.0 - Unauthenticated Remote Code Execution via CSV File Upload
CVSS 9.8
CVE-2018-17418
HIGH
Monstra CMS 3.0.4 - Remote Code Execution via Mixed-Case File Extension Bypass
CVSS 7.2
CVE-2018-20063
HIGH
Gurock TestRail 5.6.0.3853 - Unrestricted Upload of File
CVSS 8.8
CVE-2018-1969
CRITICAL
IBM Security Identity Manager 6.0.0 - Info Disclosure
CVSS 9.0
CVE-2018-16169
HIGH
Cybozu Remote Service 3.0.0-3.1.0 - Authenticated Unrestricted Upload of Java Code File
CVSS 8.8
CVE-2018-20166
HIGH
Rukovoditel 2.3.1 - Authenticated Remote Code Execution via Malicious Background Image Upload
CVSS 8.8
CVE-2018-5204
CRITICAL
ML Report 2.00.000.0000-2.18.628.5980 - Remote Code Execution via ActiveX Method Argument
CVSS 9.8
CVE-2018-15333
MEDIUM
BIG-IP Local Traffic Manager 11.2.1-11.6.3 - Unrestricted Snapshot File Access
CVSS 5.5
CVE-2018-7836
CRITICAL
IIoT Monitor 3.1.38 - Code Injection
CVSS 9.8