CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,137 vulnerabilities with CWE-434
CVE-2016-7095
CRITICAL
Exponent CMS < 2.3.8 - Unauthenticated Arbitrary File Upload via Redirection
CVSS 9.8
CVE-2016-5050
CRITICAL
ReadyDesk 9.1 - Unauthenticated Arbitrary File Upload via chat/sendfile.aspx
CVSS 9.8
CVE-2016-2914
MEDIUM
IBM Rational Publishing Engine 2.0.1 - Authenticated Unrestricted File Upload
CVSS 5.4
CVE-2016-3088
CRITICAL
KEV
ActiveMQ web shell upload
CVSS 9.8
CVE-2015-10144
HIGH
Responsive Thumbnail Slider < 1.0.1 - Code Injection
CVSS 8.8
CVE-2015-10137
CRITICAL
Website Contact Form With File Upload < 1.3.4 - RCE
CVSS 9.8
CVE-2015-10138
CRITICAL
The Work The Flow File Upload plugin - Path Traversal
CVSS 9.8
CVE-2015-10135
CRITICAL
WPshop 2 - E-Commerce < 1.3.9.6 - Unauthenticated Arbitrary File Upload via ajaxUpload Function
CVSS 9.8
CVE-2015-10087
MEDIUM
UpThemes Theme DesignFolio Plus 1.2 - Unrestricted Upload
CVSS 6.3
CVE-2015-1785
MEDIUM
NextGEN Gallery < 2.0.77.3 - Unauthenticated Arbitrary File Upload and Cross-Site Request Forgery
CVSS 6.5
CVE-2015-1784
HIGH
NextGEN Gallery < 2.0.77.3 - Unauthenticated Arbitrary File Upload and Cross-Site Request Forgery
CVSS 8.8
CVE-2015-7341
HIGH
JNews < 8.5.0 - Unauthenticated Arbitrary File Upload via Subscribers or Templates
CVSS 8.8
CVE-2015-7339
HIGH
JCE 2.5.0-2.5.2 - Arbitrary File Upload via Image File Extension
CVSS 8.8
CVE-2015-0258
HIGH
Collabtive < 2.1 - Authenticated Arbitrary File Upload via Avatar Upload
CVSS 8.8
CVE-2015-6000
HIGH
vtiger CRM < 6.3.0 - Authenticated Unrestricted File Upload and Remote Code Execution via Company Logo Upload
CVSS 8.8
CVE-2015-5951
CRITICAL
Thomson Reuters FATCA < 5.2 - Code Injection
CVSS 9.9
CVE-2015-4553
HIGH
dedecms < 5.7-sp1 - Unrestricted File Upload
CVSS 8.8
CVE-2015-9499
CRITICAL
Showbiz Pro < 1.7.1 - Unauthenticated PHP File Upload via ZIP Archive
CVSS 9.8
CVE-2015-9479
CRITICAL
ACF-Frontend-Display < 2015-07-03 - Unauthenticated Arbitrary File Upload via Upload Action
CVSS 9.8
CVE-2015-9471
CRITICAL
Zoomsounds < 2.0 - Unauthenticated Arbitrary File Upload via admin/upload.php
CVSS 9.8
CVE-2015-9402
HIGH
Users Ultra Membership < 1.5.59 - Unauthenticated Arbitrary File Upload via uultra-form-cvs-form-conf
CVSS 8.8
CVE-2015-9340
HIGH
WordPress File Upload < 3.0.0 - Unrestricted Upload of Dangerous File Types
CVSS 7.5
CVE-2015-9339
HIGH
WordPress File Upload < 2.7.1 - Unrestricted Upload of JavaScript Files
CVSS 7.5
CVE-2015-9338
HIGH
WordPress File Upload < 2.5.0 - Unrestricted Upload of Dangerous File Types
CVSS 7.5
CVE-2015-9341
HIGH
WordPress File Upload < 3.4.1 - Unrestricted Upload of Dangerous File Type
CVSS 7.5
Details
Vulnerabilities: 4,137
Exploit Likelihood: Medium