CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,137 vulnerabilities with CWE-434
CVE-2017-14839 HIGH
TeamWork Photo Fusion - Arbitrary File Upload
CVSS 8.8
CVE-2017-14838 HIGH
TeamWork Job Links - Path Traversal
CVSS 8.8
CVE-2017-14704 HIGH
Claydip Laravel Airbnb Clone 1.0 - RCE
CVSS 8.8
CVE-2017-14079 HIGH
Trend Micro Mobile Security <9.7.3 - RCE
CVSS 8.8
CVE-2017-12929 HIGH
TecnoVISION DLX Spot Player4 >1.5.10 - Authenticated Arbitrary File Upload via resource.php
CVSS 8.8
CVE-2017-12615 HIGH KEV
Apache Tomcat 7.0.0-7.0.79 - Unauthenticated Remote Code Execution via JSP Upload
CVSS 8.1
CVE-2017-1002016 CRITICAL
WordPress Plugin Flickr-Picture-Backup <0.7 - Unauthenticated RCE
CVSS 9.8
CVE-2017-1002008 CRITICAL
membership-simplified-for-oap-members-only < 1.58 - Unauthenticated Arbitrary File Upload via download.php
CVSS 9.8
CVE-2017-1002003 CRITICAL
wp2android-turn-wp-site-into-android-app 1.1.4 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2017-1002002 CRITICAL
WordPress Plugin Webapp-Builder v2.0 - Info Disclosure
CVSS 9.8
CVE-2017-1002001 CRITICAL
WordPress Plugin Mobile-App-Build By Wappress <1.05 - Info Disclosure
CVSS 9.8
CVE-2017-1002000 CRITICAL
mobile-friendly-app-builder-by-easytouch 3.0 - Unauthenticated Arbitrary File Upload via images.php
CVSS 9.8
CVE-2017-14399 HIGH
BlackCat CMS 1.2.2 - Unauthenticated Unrestricted File Upload via Extension Parameter
CVSS 8.8
CVE-2017-14346 CRITICAL
blog_project/blog < 2017-09-12 - Unauthenticated Arbitrary File Upload via upload.php
CVSS 9.8
CVE-2017-14251 HIGH
TYPO3 7.6.0-7.6.21, 8.0.0-8.7.4 - RCE
CVSS 8.8
CVE-2017-14123 HIGH
Zoho ManageEngine Firewall Analyzer 12200 - RCE
CVSS 8.8
CVE-2017-14050 HIGH
BlackCat CMS 1.2 - Authenticated RCE
CVSS 8.8
CVE-2017-9650 HIGH
ALC WebCTRL <6.5 - Remote Code Execution
CVSS 7.8
CVE-2017-11357 CRITICAL KEV
Telerik UI for ASP.NET AJAX < 2020.1.114 - Unrestricted File Upload via RadAsyncUpload
CVSS 9.8
CVE-2017-3108 CRITICAL
Adobe Experience Manager < 6.2 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2017-11154 HIGH
Synology Photo Station < 6.7.3-3432 and 6.3-2967 - Unrestricted File Upload via PixlrEditorHandler.php Type Parameter
CVSS 7.2
CVE-2017-12678 HIGH
TagLib 1.11.1 - Denial of Service via Crafted Audio File
CVSS 8.8
CVE-2017-11756 HIGH
Ear Music <4.1 build 20170710 - RCE
CVSS 7.0
CVE-2017-11326 HIGH
Tilde CMS 1.0.1 - Unrestricted Upload of File with Dangerous Type via Filename Manipulation
CVSS 7.5
CVE-2017-11466 HIGH
dotcms 4.1.1 - Authenticated Arbitrary File Upload via AjaxFileUploadServlet fieldName Parameter
CVSS 7.2