CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
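The weakness in one picture: an upload handler that keeps the client-supplied name and writes it into a directory the web server also executes from. The Python below is an added example, not code from this page or from any of the products listed below. It puts that trusting pattern beside a hardened check that allowlists the extension, pins the extension to a content signature, refuses a server-interpretable extension anywhere in the name (not just at the end), and throws the client name away in favour of a random one. The allowlist, the dangerous-extension set and the sample payloads are assumptions constructed for the example.

```python
import posixpath
import secrets
from dataclasses import dataclass

# Assumed policy for this example: only images and PDF are stored, and each
# allowed extension is tied to the magic bytes its content must start with.
ALLOWED_SIGNATURES = {
    ".png":  (b"\x89PNG\r\n\x1a\n",),
    ".jpg":  (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif":  (b"GIF87a", b"GIF89a"),
    ".pdf":  (b"%PDF-",),
}

# Server-interpretable extensions (assumed list). They are rejected anywhere in
# the name, because e.g. Apache mod_mime can hand "x.php.png" to the PHP handler.
DANGEROUS_EXTENSIONS = {
    "php", "php3", "php4", "php5", "php7", "phtml", "phar",
    "jsp", "jspx", "asp", "aspx", "cgi", "pl", "sh", "htaccess",
}

SNIFF_LEN = 16  # longer than any signature above


@dataclass
class UploadResult:
    accepted: bool
    reason: str
    stored_name: str = ""


def vulnerable_destination(upload_dir: str, client_filename: str) -> str:
    """The CWE-434 pattern: name, extension and content all come from the
    client and land unchanged in a web-served directory."""
    return posixpath.join(upload_dir, client_filename)


def check_upload(client_filename: str, data: bytes) -> UploadResult:
    """Hardened handler. Returns accepted=False with a reason, or accepted=True
    with the random name the file should be stored under."""
    if "\x00" in client_filename:
        return UploadResult(False, "NUL byte in filename")

    # Keep only the last path component; the client does not pick the directory.
    name = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    if not name or name in (".", ".."):
        return UploadResult(False, "empty or relative filename")

    parts = name.lower().split(".")
    if len(parts) < 2 or not parts[-1]:
        return UploadResult(False, "missing extension")
    if any(p in DANGEROUS_EXTENSIONS for p in parts[1:]):
        return UploadResult(False, "server-interpretable extension in name")

    ext = "." + parts[-1]
    if ext not in ALLOWED_SIGNATURES:
        return UploadResult(False, f"extension {ext} not in allowlist")

    # The claimed type must match the bytes; a PHP script renamed .png fails here.
    head = data[:SNIFF_LEN]
    if not any(head.startswith(sig) for sig in ALLOWED_SIGNATURES[ext]):
        return UploadResult(False, f"content does not look like {ext}")

    # Random name: no client control over what lands on disk and no overwrite.
    return UploadResult(True, "ok", secrets.token_hex(16) + ext)


if __name__ == "__main__":
    # Constructed sample payloads, not real uploads.
    webshell = b"<?php system($_GET['c']); ?>"
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
    print(vulnerable_destination("/var/www/uploads", "shell.php"))
    for fname, body in [("shell.php", webshell), ("shell.php.png", png),
                        ("shell.png", webshell), (".htaccess", b"AddType x"),
                        ("../../photo.PNG", png)]:
        print(fname, "->", check_upload(fname, body))
```

The signature check is a speed bump, not the control: a valid PNG with PHP appended passes it. What actually closes CWE-434 is the last step plus where the file goes, namely a directory the web server serves as static data with no script handler (or object storage), under a name the client never chose.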

4,134 vulnerabilities with CWE-434
CVE-2017-12332 MEDIUM
Cisco NX-OS System Software - Privilege Escalation
CVSS 4.4
CVE-2017-15673 HIGH
CS-Cart < 4.6.2 - Authenticated Arbitrary PHP Code Execution via Custom Page Upload
CVSS 7.2
CVE-2017-15054 HIGH
TeamPass < 2.1.27.9 - Authenticated Arbitrary File Upload and Remote Code Execution via upload.files.php
CVSS 7.5
CVE-2017-16941 HIGH
October CMS <1.0.428 - Authenticated RCE
CVSS 8.8
CVE-2017-2737 HIGH
Huawei VCM5010 < V100R002C50SPC100 - Authenticated Arbitrary File Upload
CVSS 8.8
CVE-2017-2699 HIGH
Huawei Themes APP < PLK-UL00C17B385 Arbitrary Code Execution via Malicious Theme Pack Upload
CVSS 7.8
CVE-2017-8862 CRITICAL
Cohu 3960HD Firmware - Unauthenticated Arbitrary File Upload and Remote Code Execution via Webupgrade Function
CVSS 9.8
CVE-2017-1000238 HIGH
InvoicePlane <1.4.10 - Code Injection
CVSS 8.8
CVE-2017-1000194 CRITICAL
October CMS < build 412 - Privilege Escalation
CVSS 9.8
CVE-2017-16524 HIGH
Samsung SRN-1670D Web Viewer Version 1.0.0.193 Arbitrary File Read and Upload
CVSS 8.8
CVE-2017-10940 HIGH
Joyent Smart Data Center < [email protected] Authenticated Arbitrary File Write via Docker API
CVSS 8.8
CVE-2017-15990 CRITICAL
Savsofteproducts Phpinventory - Unrestricted File Upload
CVSS 9.8
CVE-2017-15962 CRITICAL
iStock Management System 1.0 - Unauthenticated Arbitrary File Upload via User Profile
CVSS 9.8
CVE-2017-15957 HIGH
Ingenious School Management System 2.3.0 - Unrestricted File Upload via my_profile.php
CVSS 8.8
CVE-2017-15580 CRITICAL
osTicket 1.10.1 - Unrestricted Upload of File with Dangerous Type via tickets.php
CVSS 9.8
CVE-2017-1000119 HIGH
October CMS < build 412 - Code Injection
CVSS 7.2
CVE-2017-12617 HIGH KEV
Apache Tomcat 7.0.0-7.0.81, 8.0.0.RC1-8.0.46, 8.5.0-8.5.22, 9.0.0.M1-9.0.0 - Remote Code Execution via JSP Upload
CVSS 8.1
CVE-2017-6090 HIGH
PhpCollab < 2.5.1 - Authenticated Arbitrary File Upload via Client Logo Upload
CVSS 8.8
CVE-2017-14958 HIGH
PivotX 2.3.11 - Authenticated Remote Code Execution via Unrestricted File Upload
CVSS 7.2
CVE-2017-13982 HIGH
HPE BSM <9.26-9.40 - Path Traversal
CVSS 8.8
CVE-2017-14841 MEDIUM
Mojoomla AMC - Arbitrary File Upload
CVSS 6.5
CVE-2017-14840 HIGH
TeamWork TicketPlus - Code Injection
CVSS 8.8
CVE-2017-14839 HIGH
TeamWork Photo Fusion - Arbitrary File Upload
CVSS 8.8
CVE-2017-14838 HIGH
TeamWork Job Links - Path Traversal
CVSS 8.8
CVE-2017-14704 HIGH
Claydip Laravel Airbnb Clone 1.0 - RCE
CVSS 8.8