CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,134 vulnerabilities with CWE-434
CVE-2017-18592 HIGH
WooCommerce Catalog Enquiry <3.1.0 - Info Disclosure
CVSS 7.5
CVE-2017-18435 HIGH
cPanel 55.9999.61-56.0.49 - Unauthenticated Remote Code Execution via BoxTrapper API
CVSS 7.3
CVE-2017-11561 MEDIUM
ZOHO ManageEngine OpManager <12.2 - Command Injection
CVSS 6.5
CVE-2017-3189 HIGH
dotcms < 3.7.1 - Unauthenticated Arbitrary File Upload via Push Publishing Bundle
CVSS 8.1
CVE-2017-2617 HIGH
hawtio < 1.5.5 - Remote Code Execution via File Upload
CVSS 7.6
CVE-2017-16772 HIGH
Synology Photo Station <6.8.3-3463, <6.3-2971 - RCE
CVSS 8.8
CVE-2017-16251 HIGH
Mitel ST 14.2 <= GA28 - Authenticated Arbitrary File Upload via Personal Library
CVSS 8.8
CVE-2017-9279 LOW
NetIQ Identity Manager <4.5.6.1 - Code Injection
CVSS 2.0
CVE-2017-7429 HIGH
NetIQ eDirectory PKI plugin <8.8.8.10 - Code Injection
CVSS 8.8
CVE-2017-6931 MEDIUM
Drupal 8.4.x <8.4.5 - Privilege Escalation
CVSS 6.5
CVE-2017-1499 HIGH
IBM Maximo Asset Management 7.5 and 7.6 - Remote Code Execution via Arbitrary File Inclusion
CVSS 8.8
CVE-2017-9970 HIGH
Schneider Electric StruxureOn Gateway <= 1.1.3 - Remote Code Execution via Zip Metadata Injection
CVSS 7.2
CVE-2017-17976 CRITICAL
Perfex CRM 1.9.7 - Unrestricted File Upload and Remote Code Execution
CVSS 9.8
CVE-2017-14521 HIGH
WonderCMS 2.3.1 - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2017-18048 HIGH
Monstra CMS 3.0.4 - Unrestricted Upload of File with Dangerous Type via Case Bypass
CVSS 8.8
CVE-2017-16594 MEDIUM
NetGain Systems Enterprise Manager <7.2.730 build 1034 - RCE
CVSS 6.5
CVE-2017-16736 HIGH
Advantech WebAccess <8.3 - Info Disclosure
CVSS 7.5
CVE-2017-15549 HIGH
EMC Avamar Server 7.1.x-7.5.0 Arbitrary File Upload
CVSS 8.8
CVE-2017-17987 HIGH
Muslim Matrimonial Script - Unrestricted File Upload via admin/mydetails_edit.php
CVSS 7.2
CVE-2017-17874 HIGH
Vanguard Marketplace Digital Products PHP 1.4 - Unauthenticated Arbitrary File Upload via Product Addition
CVSS 8.8
CVE-2017-16949 CRITICAL
AccessKeys AccessPress Anonymous Post Pro <3.1.9 - Code Injection
CVSS 9.8
CVE-2017-15876 HIGH
GPWeb 8.4.61 - Authenticated Unrestricted File Upload
CVSS 7.2
CVE-2017-17727 HIGH
DedeCMS < 5.6 - Unauthenticated Arbitrary File Upload RCE via member/article_edit.php
CVSS 8.8
CVE-2017-17593 HIGH
Simple Chatting System 1.0 - Arbitrary File Upload via my_profile.php
CVSS 7.5
CVE-2017-13156 HIGH
Android Janus APK Signature bypass
CVSS 7.8