CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,137 vulnerabilities with CWE-434
CVE-2015-5601 HIGH
edx-platform <2015-07-20 - Code Injection
CVSS 8.8
CVE-2015-9271 CRITICAL
VideoWhisper Video Conference Integration 4.91.8 - Remote Code Execution via .phtml File Upload
CVSS 9.8
CVE-2015-9263 CRITICAL
Idera Up.Time Monitoring Station 7.5.0/7.4.0 - Unrestricted File Upload via post2file.php
CVSS 9.8
CVE-2015-9259 CRITICAL
Docker Notary < 0.1 - Unrestricted Upload of File with Dangerous Type via Root.json Expiry Bypass
CVSS 9.8
CVE-2015-0796 MEDIUM
open buildservice 2.4-2.4.8 - Unrestricted Upload of File with Dangerous Type via Source Service Patch Application
CVSS 6.3
CVE-2015-2780 CRITICAL
Berta CMS < 0.8.9b - Unauthenticated Arbitrary File Upload and Remote Code Execution via Image File
CVSS 9.8
CVE-2015-8249 CRITICAL
ManageEngine Desktop Central <9 - RCE
CVSS 9.8
CVE-2015-9228 HIGH
NextGEN Gallery 2.1.10 - Unrestricted File Upload via Name Parameter
CVSS 8.8
CVE-2015-7571 HIGH
Yeager CMS 1.2.1 - Unrestricted File Upload
CVSS 7.8
CVE-2015-4463 MEDIUM
eFront < 3.6.15.4 - Authenticated Unrestricted File Upload via File Manager URL Parameter
CVSS 6.5
CVE-2015-4462 MEDIUM
eFront < 3.6.15.4 - Authenticated Absolute Path Traversal via File Manager Upload Field
CVSS 6.5
CVE-2015-4455 CRITICAL
Aviary Image Editor Add-on for Gravity Forms < 3.0 - Unauthenticated Arbitrary File Upload via upload.php
CVSS 9.8
CVE-2015-3884 HIGH
qdPM 9.1 Authenticated Arbitrary PHP File Upload (RCE)
CVSS 8.8
CVE-2015-1000013 HIGH
WordPress Plugin csv2wpec-coupon v1.1 - RCE
CVSS 7.8
CVE-2015-1000001 CRITICAL
WordPress Plugin Fast-Image-Adder <1.1 - RCE
CVSS 9.8
CVE-2015-1000000 CRITICAL
mailcwp v1.99 - Unrestricted File Upload
CVSS 9.8
CVE-2015-4524
EMC Documentum Administrator - Unrestricted File Upload
CVE-2015-0702
Cisco Unified MeetingPlace 8.6(1.9) - Authenticated Arbitrary File Upload via Custom Prompts
CVE-2014-125113 CRITICAL
Dell KACE K1000 <5.4.76849-5.5.90547 - File Upload
CVE-2014-125126 CRITICAL
Simple E-Document 3.0-3.1 - File Upload
CVE-2014-125119 HIGH
WinRAR 3.80-3.90 and 4.11-4.99 - Filename Spoofing via ZIP Central Directory and Local File Header Inconsistency
CVE-2014-125116 CRITICAL
HybridAuth 2.0.9-2.2.2 - Unauthenticated Remote Code Execution via install.php Config Injection
CVE-2014-0468 CRITICAL
FusionForge < 5.3+20140506 - Unrestricted Upload of File with Dangerous Type via SCM Repository
CVSS 9.8
CVE-2014-125104 MEDIUM
VaultPress < 1.6.1 - Unrestricted File Upload via MailPoet Plugin Hotfix Function
CVSS 6.3
CVE-2014-8739 CRITICAL
Creative Contact Form < 1.0.0 - Unauthenticated Arbitrary File Upload via jQuery File Upload Plugin
CVSS 9.8