CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,139 vulnerabilities with CWE-434
CVE | Severity | Title | CVSS (where listed)

CVE-2014-125104 | MEDIUM | VaultPress < 1.6.1 - Unrestricted File Upload via MailPoet Plugin Hotfix Function | CVSS 6.3
CVE-2014-8739 | CRITICAL | Creative Contact Form < 1.0.0 - Unauthenticated Arbitrary File Upload via jQuery File Upload Plugin | CVSS 9.8
CVE-2014-2025 | CRITICAL | Unspecified Third Party Tool <6.0 - RCE | CVSS 9.8
CVE-2014-3448 | CRITICAL | BSS Continuity CMS 4.2.22640.0 - Unauthenticated Remote Code Execution via File Upload | CVSS 9.8
CVE-2014-8516 | CRITICAL | Visual Mining NetCharts Server - Unrestricted File Upload and Remote Code Execution | CVSS 9.8
CVE-2014-8337 | CRITICAL | HelpDEZk < 1.0.1 - Unauthenticated Arbitrary File Upload via uploadify.php | CVSS 9.8
CVE-2014-1214 | HIGH | ProJoom Smart Flash Header < 3.0.2 - Unauthenticated Arbitrary File Upload via Crafted Dest and Filename Parameters | CVSS 8.8
CVE-2014-10074 | CRITICAL | Umbraco CMS < 7.2.0 - Remote Code Execution via Unrestricted PHP File Upload | CVSS 9.8
CVE-2014-4912 | CRITICAL | Frog CMS 0.9.5 - Unrestricted File Upload | CVSS 9.8
CVE-2014-2592 | CRITICAL | Aruba Web Management Portal - Unrestricted File Upload and Remote Code Execution | CVSS 9.8
CVE-2014-4972 | CRITICAL | ajax_upload_for_gravity_forms < 1.1 - Unauthenticated Arbitrary File Upload and Remote Code Execution | CVSS 9.8
CVE-2014-2664 | HIGH | X2Engine X2CRM < 3.7.5 - Unauthenticated Remote Code Execution via Profile Photo Upload | CVSS 8.8
CVE-2014-9619 | HIGH | Netsweeper < 3.1.10, 4.0.x < 4.0.9, 4.1.x < 4.1.2 - Authenticated PHP Code Execution via File Upload | CVSS 7.2
CVE-2014-9312 | HIGH | Photo Gallery 1.2.5 - Info Disclosure | CVSS 8.8
CVE-2013-10067 | CRITICAL | Glossword 1.8.8-1.8.12 - Authenticated Arbitrary File Upload and Remote Code Execution via Administrative Interface
CVE-2013-10066 | CRITICAL | Kordil EDMS v2.2.60rc3 - Unauthenticated RCE
CVE-2013-10054 | CRITICAL | LibrettoCMS 1.1.7 - Unauthenticated RCE
CVE-2013-10055 | CRITICAL | Havalite CMS 1.1.7 - Unauthenticated RCE
CVE-2013-10047 | CRITICAL | MiniWeb HTTP Server <= Build 300 - File Upload
CVE-2013-10044 | HIGH | OpenEMR < 4.1.1 Patch 14 - SQL Injection | CVSS 8.8
CVE-2013-10043 | CRITICAL | OAstium VoIP PBX astium-confweb-2.1-25399 - Auth Bypass & RCE
CVE-2013-10040 | CRITICAL | ClipBucket < 2.6 - Unauthenticated Arbitrary File Upload and Remote Code Execution via ofc_upload_image.php | CVSS 9.8
CVE-2013-10038 | CRITICAL | FlashChat 6.0.2, 6.0.4-6.0.8 - Unauthenticated Arbitrary File Upload via upload.php
CVE-2013-10034 | CRITICAL | Kaseya KServer <6.3.0.2 - File Upload
CVE-2013-10032 | HIGH | GetSimpleCMS <3.2.1 - Authenticated RCE | CVSS 8.8