CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,022 vulnerabilities with CWE-434
CVE-2017-7281 HIGH
Unitrends Enterprise Backup <9.1.2 - RCE
CVSS 8.8
CVE-2017-7695 CRITICAL
BigTree CMS <4.2.17 - Code Injection
CVSS 9.8
CVE-2017-6104 HIGH
Zen Mobile App Native < 3.0 - Authentication Bypass
CVSS 7.5
CVE-2017-5520 HIGH
Metalgenix Genixcms < 0.0.8 - Unrestricted File Upload
CVSS 8.8
CVE-2016-20052 CRITICAL
Snews CMS 1.7 Unrestricted File Upload via snews_files
CVSS 9.8
CVE-2016-15046 HIGH
Hanwha Techwin SSM <1.32-1.4 - RCE
CVE-2016-15043 CRITICAL
WP Mobile Detector <3.5 - File Upload
CVSS 9.8
CVE-2016-15042 CRITICAL
WordPress <4.0, WordPress <1.1 - Unauthenticated RCE
CVSS 9.8
CVE-2016-15033 CRITICAL
WordPress Delete All Comments <2.0 - File Upload
CVSS 9.8
CVE-2016-6918 CRITICAL
Lexmark Markvision Enterprise < 2.4.1 - Unrestricted File Upload
CVSS 9.8
CVE-2016-11020 CRITICAL
Kunena < 5.0.4 - Unrestricted File Upload
CVSS 9.8
CVE-2016-10995 CRITICAL
Templatic Tevolution < 2.3.0 - Unrestricted File Upload
CVSS 9.8
CVE-2016-10959 MEDIUM
Estatik < 2.3.1 - Unrestricted File Upload
CVSS 6.5
CVE-2016-10958 HIGH
Estatik < 2.3.0 - Unrestricted File Upload
CVSS 7.5
CVE-2016-10955 CRITICAL
Cysteme-finder < 1.4 - Unrestricted File Upload
CVSS 9.8
CVE-2016-10954 CRITICAL
Dynamicpress Neosense < 1.8 - Unrestricted File Upload
CVSS 9.8
CVE-2016-10758 HIGH
Phpkit - Unrestricted File Upload
CVSS 8.8
CVE-2016-10752 CRITICAL
S9Y Serendipity - Unrestricted File Upload
CVSS 9.8
CVE-2016-10751 HIGH
Osclass - Path Traversal
CVSS 7.2
CVE-2016-9492 CRITICAL
Jqueryform Php Formmail Generator - Unrestricted File Upload
CVSS 9.8
CVE-2016-10036 CRITICAL
JFrog Artifactory <4.16 - RCE
CVSS 9.8
CVE-2016-10258 MEDIUM
Broadcom Advanced Secure Gateway < 6.6.5.14 - Unrestricted File Upload
CVSS 6.8
CVE-2016-7443 CRITICAL
Exponentcms Exponent Cms < 2.3.9 - Unrestricted File Upload
CVSS 9.8
CVE-2016-8515 HIGH
HPE VCRM <7.6 - RCE
CVSS 8.8
CVE-2016-0354 MEDIUM
IBM Sametime Enterprise Meeting Server <9.0 - Privilege Escalation
CVSS 5.5