CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,022 vulnerabilities with CWE-434
CVE-2015-5951 CRITICAL
Thomson Reuters FATCH <5.2 - Code Injection
CVSS 9.9
CVE-2015-4553 HIGH
Dedecms < 5.6 - Unrestricted File Upload
CVSS 8.8
CVE-2015-9499 CRITICAL
Themepunch Showbiz Pro < 1.7.1 - Unrestricted File Upload
CVSS 9.8
CVE-2015-9479 CRITICAL
Advancedcustomfields Acf Fronted Display - Unrestricted File Upload
CVSS 9.8
CVE-2015-9471 CRITICAL
Digitalzoomstudio Zoomsounds < 2.0 - Unrestricted File Upload
CVSS 9.8
CVE-2015-9402 HIGH
Usersultra Users Ultra Membership < 1.5.59 - Unrestricted File Upload
CVSS 8.8
CVE-2015-9340 HIGH
Iptanus Wordpress File Upload < 3.0.0 - Unrestricted File Upload
CVSS 7.5
CVE-2015-9339 HIGH
Iptanus Wordpress File Upload < 2.7.1 - Unrestricted File Upload
CVSS 7.5
CVE-2015-9338 HIGH
Iptanus Wordpress File Upload < 2.5.0 - Unrestricted File Upload
CVSS 7.5
CVE-2015-9341 HIGH
Iptanus Wordpress File Upload < 3.4.1 - Unrestricted File Upload
CVSS 7.5
CVE-2015-5601 HIGH
edx-platform <2015-07-20 - Code Injection
CVSS 8.8
CVE-2015-9271 CRITICAL
Videowhisper Video Conference - Unrestricted File Upload
CVSS 9.8
CVE-2015-9263 CRITICAL
Idera Uptime Infrastructure Monitor - Unrestricted File Upload
CVSS 9.8
CVE-2015-9259 CRITICAL
Docker Notary < 0.1 - Unrestricted File Upload
CVSS 9.8
CVE-2015-0796 MEDIUM
Opensuse Open Buildservice < 2.4.8 - Symlink Following
CVSS 6.3
CVE-2015-2780 CRITICAL
Berta Cms < 0.8.9b - Unrestricted File Upload
CVSS 9.8
CVE-2015-8249 CRITICAL
ManageEngine Desktop Central <9 - RCE
CVSS 9.8
CVE-2015-9228 HIGH
Imagely Nextgen Gallery - Unrestricted File Upload
CVSS 8.8
CVE-2015-7571 HIGH
Yeager CMS 1.2.1 - RCE
CVSS 7.8
CVE-2015-4463 MEDIUM
Efront < 3.6.15.4 - Unrestricted File Upload
CVSS 6.5
CVE-2015-4462 MEDIUM
Efront < 3.6.15.4 - Unrestricted File Upload
CVSS 6.5
CVE-2015-4455 CRITICAL
Aviary Image Editor Add-on For Gravit... - Unrestricted File Upload
CVSS 9.8
CVE-2015-3884 HIGH
qdPM 9.1 Authenticated Arbitrary PHP File Upload (RCE)
CVSS 8.8
CVE-2015-1000013 HIGH
WordPress Plugin csv2wpec-coupon v1.1 - RCE
CVSS 7.8
CVE-2015-1000001 CRITICAL
Wordpress Plugin Fast-Image-Adder <1.1 - RCE
CVSS 9.8