CWE-434: Unrestricted Upload of File with Dangerous Type

Exploit likelihood: Medium

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,137 vulnerabilities with CWE-434
CVE ID          Severity  CVSS  Title
CVE-2016-11020  CRITICAL  9.8   Kunena < 5.0.4 - Unrestricted Avatar File Upload Leading to XSS and Remote Code Execution
CVE-2016-10995  CRITICAL  9.8   Templatic Tevolution < 2.3.0 - Arbitrary File Upload via single_upload.php
CVE-2016-10959  MEDIUM    6.5   estatik < 2.3.1 - Authenticated Arbitrary File Upload via es_media_images Parameter
CVE-2016-10958  HIGH      7.5   estatik < 2.3.0 - Unauthenticated Arbitrary File Upload via es_media_images Parameter
CVE-2016-10955  CRITICAL  9.8   cysteme-finder < 1.4 - Unauthenticated Unrestricted File Upload
CVE-2016-10954  CRITICAL  9.8   Neosense < 1.8 - Unauthenticated Unrestricted File Upload via qquploader
CVE-2016-10758  HIGH      8.8   PHPKIT 1.6.6 - Arbitrary File Upload via image_name Parameter
CVE-2016-10752  CRITICAL  9.8   Serendipity 2.0.3 - Unauthenticated Arbitrary PHP File Upload via Extensionless Filename Rename
CVE-2016-10751  HIGH      7.2   osClass 3.6.1 - Directory Traversal and Remote Code Execution via Plugin Parameter
CVE-2016-9492   CRITICAL  9.8   PHP FormMail Generator < 2016-12-17 - Unrestricted Upload of File with Dangerous Type
CVE-2016-10036  CRITICAL  9.8   JFrog Artifactory < 4.16 - Unauthenticated Unrestricted File Upload via UI Artifact Upload
CVE-2016-10258  MEDIUM    6.8   Symantec Advanced Secure Gateway and ProxySG - Unrestricted File Upload via Management Console
CVE-2016-7443   CRITICAL  9.8   Exponent CMS 2.3.0-2.3.9 - Unrestricted Upload of File with Dangerous Type
CVE-2016-8515   HIGH      8.8   HPE Version Control Repository Manager < 7.6 - Unrestricted Upload of File with Dangerous Type
CVE-2016-0354   MEDIUM    5.5   IBM Sametime Enterprise Meeting Server < 9.0 - Privilege Escalation
CVE-2016-1713   HIGH      7.3   vtiger CRM 6.4.0 - Authenticated Remote Code Execution via Company Logo Upload
CVE-2016-8973   MEDIUM    4.3   IBM Rhapsody DM < 6.0 - Privilege Escalation
CVE-2016-6104   HIGH      7.2   IBM Tivoli Key Lifecycle Manager < 2.7 - RCE
CVE-2016-8921   HIGH      8.8   IBM FileNet WorkPlace XT - Unauthenticated Arbitrary File Upload
CVE-2016-6124   HIGH      8.8   IBM Kenexa LMS on Cloud 13.1-13.2.4 - RCE
CVE-2016-7902   HIGH      8.8   Dotclear < 2.10.3 - Authenticated Arbitrary File Upload via ZIP Archive
CVE-2016-9268   HIGH      7.2   Dotclear < 2.10.4 - Authenticated Remote Code Execution via Theme File Upload
CVE-2016-9187   HIGH      8.8   Moodle < 3.1.2 - Authenticated Unrestricted File Upload via Double Extension Bypass
CVE-2016-9186   HIGH      8.8   Moodle < 3.1.2 - Authenticated Unrestricted File Upload with Dangerous Type
CVE-2016-7452   HIGH      7.5   Exponent CMS < 2.3.9 - Unauthenticated Arbitrary File Upload via Pixidou Image Editor