CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,134 vulnerabilities with CWE-434
CVE-2018-9153
HIGH
Z-BlogPHP 1.5.1 - Unauthenticated Arbitrary PHP File Upload via Plugin Upload Component
CVSS 7.2
CVE-2018-9037
HIGH
Monstra CMS 3.0.4 - Remote Code Execution via ZIP File Upload
CVSS 8.8
CVE-2018-2404
MEDIUM
SAP Disclosure Management 10.1 - Unrestricted Upload of File with Dangerous Type
CVSS 4.3
CVE-2018-9157
HIGH
AXIS M1033-W Firmware 5.40.5.1 - Unauthenticated Remote Code Execution via Webshell Upload
CVSS 7.5
CVE-2018-9156
HIGH
AXIS P1354 Firmware 5.90.1.1 - Unrestricted Upload of File with Dangerous Type via fileUpload.shtml
CVSS 7.5
CVE-2018-8944
CRITICAL
PHPOK 4.8.338 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2018-8766
CRITICAL
joyplus-cms 1.6.0 - Remote Code Execution via Arbitrary File Upload in Editor
CVSS 9.8
CVE-2018-1000094
HIGH
CMS Made Simple <2.2.5 - Authenticated RCE
CVSS 7.2
CVE-2018-7562
HIGH
GLPI < 9.2.1 - Authenticated Remote Code Execution via Race Condition in File Upload
CVSS 7.5
CVE-2018-1215
HIGH
Dell EMC Solutions Enabler Virtual Appliance < 8.4.0.21 - Authenticated Arbitrary File Upload
CVSS 8.8
CVE-2018-7665
CRITICAL
ClipBucket < 4.0.0 - Unrestricted File Upload via beats_uploader.php/photo_uploader.php/edit_account.php
CVSS 9.8
CVE-2018-7567
HIGH
OTRS 5.0.0-5.0.24 and 6.0.0-6.0.1 - Authenticated Remote Code Execution via Crafted OPM File
CVSS 7.2
CVE-2018-7316
CRITICAL
Proclaim 9.1.1 - Arbitrary File Upload via Mediafileform Action
CVSS 9.8
CVE-2018-7217
HIGH
Bravo Tejari Procurement Portal - Unrestricted Upload of File with Dangerous Type via esop/evm/OPPreliminaryForms.do
CVSS 8.8
CVE-2018-6860
HIGH
Schools Alert Management Script 2.0.2 - Unrestricted File Upload and Remote Code Execution via Profile Picture
CVSS 8.8
CVE-2018-6580
CRITICAL
Jimtawl 2.1.6 and 2.2.5 - Unrestricted File Upload via Component Request
CVSS 9.8
CVE-2018-1342
CRITICAL
NetIQ Access Manager 4.3-4.4 - Unrestricted File Upload to Admin Console
CVSS 9.8
CVE-2018-5997
CRITICAL
RAVPower Filehub 2.000.056 - Path Traversal and Remote Code Execution via Unrestricted File Upload
CVSS 9.8
CVE-2018-4834
CRITICAL
Siemens Desigo PXC/PXM - Unauthenticated Firmware Upload
CVSS 9.8
CVE-2018-5749
CRITICAL
Premium Minecraft Servers List < 2.0.4 - Unauthenticated Arbitrary PHP File Upload via install.php
CVSS 9.8
CVE-2018-5724
CRITICAL
MASTER IPCAMERA01 <3.3.4.2103 - Info Disclosure
CVSS 9.8
CVE-2018-3814
HIGH
Craft CMS 2.6.3000 - Remote Code Execution via Asset Upload and Replace
CVSS 8.8
CVE-2017-20224
CRITICAL
Telesquare SKT LTE Router SDT-CS3B1 WebDAV Arbitrary File Upload
CVSS 9.8
CVE-2017-20063
MEDIUM
Elefant CMS <1.3.13 - Privilege Escalation
CVSS 6.3
CVE-2017-20021
MEDIUM
Solare Solar-Log <3.5.2-85 - Privilege Escalation
CVSS 6.5
Details
Vulnerabilities: 4,134
Exploit Likelihood: Medium