CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,021 vulnerabilities with CWE-434
CVE-2018-7217 (HIGH, CVSS 8.8): Tejari Bravo Solution - Unrestricted File Upload
CVE-2018-6860 (HIGH, CVSS 8.8): Schools Alert Management Script - Unrestricted File Upload
CVE-2018-6580 (CRITICAL, CVSS 9.8): Janguo Jimtawl - Unrestricted File Upload
CVE-2018-1342 (CRITICAL, CVSS 9.8): Netiq Access Manager - Unrestricted File Upload
CVE-2018-5997 (CRITICAL, CVSS 9.8): RAVPower Filehub <2.000.056 - RCE
CVE-2018-4834 (CRITICAL, CVSS 9.8): Siemens Pxc12/22/36-e.d Firmware < 6.00.204 - Missing Authentication
CVE-2018-5749 (CRITICAL, CVSS 9.8): Premium Minecraft Servers List < 2.0.4 - Unrestricted File Upload
CVE-2018-5724 (CRITICAL, CVSS 9.8): MASTER IPCAMERA01 <3.3.4.2103 - Info Disclosure
CVE-2018-3814 (HIGH, CVSS 8.8): Craftcms Craft Cms - Unrestricted File Upload
CVE-2017-20224 (CRITICAL, CVSS 9.8): Telesquare SKT LTE Router SDT-CS3B1 WebDAV Arbitrary File Upload
CVE-2017-20063 (MEDIUM, CVSS 6.3): Elefant CMS <1.3.13 - Privilege Escalation
CVE-2017-20021 (MEDIUM, CVSS 6.5): Solare Solar-Log <3.5.2-85 - Privilege Escalation
CVE-2017-18592 (HIGH, CVSS 7.5): WooCommerce Catalog Enquiry <3.1.0 - Info Disclosure
CVE-2017-18435 (HIGH, CVSS 7.3): Cpanel < 56.0.49 - Unrestricted File Upload
CVE-2017-11561 (MEDIUM, CVSS 6.5): ZOHO ManageEngine OpManager <12.2 - Command Injection
CVE-2017-3189 (HIGH, CVSS 8.1): Dotcms < 3.7.1 - Unrestricted File Upload
CVE-2017-2617 (HIGH, CVSS 7.6): Hawtio < 1.5.5 - Improper Input Validation
CVE-2017-16772 (HIGH, CVSS 8.8): Synology Photo Station <6.8.3-3463, <6.3-2971 - RCE
CVE-2017-16251 (HIGH, CVSS 8.8): Mitel ST <14.2 - Authenticated RCE
CVE-2017-9279 (LOW, CVSS 2.0): NetIQ Identity Manager <4.5.6.1 - Code Injection
CVE-2017-7429 (HIGH, CVSS 8.8): NetIQ eDirectory PKI plugin <8.8.8.10 - Code Injection
CVE-2017-6931 (MEDIUM, CVSS 6.5): Drupal 8.4.x <8.4.5 - Privilege Escalation
CVE-2017-1499 (HIGH, CVSS 8.8): IBM Maximo Asset Management - Unrestricted File Upload
CVE-2017-9970 (HIGH, CVSS 7.2): Schneider-electric Struxureon Gateway - Unrestricted File Upload
CVE-2017-17976 (CRITICAL, CVSS 9.8): Perfexcrm Perfex Crm - Unrestricted File Upload