CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,021 vulnerabilities with CWE-434
CVE-2017-14521 (HIGH, CVSS 8.8): WonderCMS 2.3.1 - Code Injection
CVE-2017-18048 (HIGH, CVSS 8.8): Monstra - Unrestricted File Upload
CVE-2017-16594 (MEDIUM, CVSS 6.5): NetGain Systems Enterprise Manager <7.2.730 build 1034 - RCE
CVE-2017-16736 (HIGH, CVSS 7.5): Advantech WebAccess <8.3 - Info Disclosure
CVE-2017-15549 (HIGH, CVSS 8.8): EMC Networker - Unrestricted File Upload
CVE-2017-17987 (HIGH, CVSS 7.2): Muslim Matrimonial Script - Unrestricted File Upload
CVE-2017-17874 (HIGH, CVSS 8.8): Vanguard Marketplace Digital Products Php - Unrestricted File Upload
CVE-2017-16949 (CRITICAL, CVSS 9.8): AccessKeys AccessPress Anonymous Post Pro <3.1.9 - Code Injection
CVE-2017-15876 (HIGH, CVSS 7.2): Gpweb - Unrestricted File Upload
CVE-2017-17727 (HIGH, CVSS 8.8): Dedecms < 5.6 - Unrestricted File Upload
CVE-2017-17593 (HIGH, CVSS 7.5): Simple Chatting System - Unrestricted File Upload
CVE-2017-13156 (HIGH, CVSS 7.8): Android Janus APK Signature bypass
CVE-2017-12332 (MEDIUM, CVSS 4.4): Cisco NX-OS System Software - Privilege Escalation
CVE-2017-15673 (HIGH, CVSS 7.2): Cs-cart < 4.6.2 - Unrestricted File Upload
CVE-2017-15054 (HIGH, CVSS 7.5): Teampass < 2.1.27.9 - Unrestricted File Upload
CVE-2017-16941 (HIGH, CVSS 8.8): October CMS <1.0.428 - Authenticated RCE
CVE-2017-2737 (HIGH, CVSS 8.8): Huawei Vcm5010 Firmware < v100r002c50spc100 - Unrestricted File Upload
CVE-2017-2699 (HIGH, CVSS 7.8): Huawei Honor 7 Firmware < plk-ul00c17b385 - Unrestricted File Upload
CVE-2017-8862 (CRITICAL, CVSS 9.8): Cohuhd 3960hd Firmware - Unrestricted File Upload
CVE-2017-1000238 (HIGH, CVSS 8.8): InvoicePlane <1.4.10 - Code Injection
CVE-2017-1000194 (CRITICAL, CVSS 9.8): October CMS <412 - Privilege Escalation
CVE-2017-16524 (HIGH, CVSS 8.8): Samsung SRN-1670D Web Viewer Version 1.0.0.193 Arbitrary File Read and Upload
CVE-2017-10940 (HIGH, CVSS 8.8): Joyent Triton Datacenter - Path Traversal
CVE-2017-15990 (CRITICAL, CVSS 9.8): Savsofteproducts Phpinventory - Unrestricted File Upload
CVE-2017-15962 (CRITICAL, CVSS 9.8): Istock Management System - Unrestricted File Upload