CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,139 vulnerabilities with CWE-434
CVE-2014-125104
MEDIUM
VaultPress < 1.6.1 - Unrestricted File Upload via MailPoet Plugin Hotfix Function
CVSS 6.3
CVE-2014-8739
CRITICAL
Creative Contact Form < 1.0.0 - Unauthenticated Arbitrary File Upload via jQuery File Upload Plugin
CVSS 9.8
CVE-2014-2025
CRITICAL
Unspecified Third Party Tool <6.0 - RCE
CVSS 9.8
CVE-2014-3448
CRITICAL
BSS Continuity CMS 4.2.22640.0 - Unauthenticated Remote Code Execution via File Upload
CVSS 9.8
CVE-2014-8516
CRITICAL
Visual Mining NetCharts Server - Unrestricted File Upload and Remote Code Execution
CVSS 9.8
CVE-2014-8337
CRITICAL
HelpDEZk < 1.0.1 - Unauthenticated Arbitrary File Upload via uploadify.php
CVSS 9.8
CVE-2014-1214
HIGH
ProJoom Smart Flash Header < 3.0.2 - Unauthenticated Arbitrary File Upload via Crafted Dest and Filename Parameters
CVSS 8.8
CVE-2014-10074
CRITICAL
Umbraco CMS < 7.2.0 - Remote Code Execution via Unrestricted PHP File Upload
CVSS 9.8
CVE-2014-4912
CRITICAL
Frog CMS 0.9.5 - Unrestricted File Upload
CVSS 9.8
CVE-2014-2592
CRITICAL
Aruba Web Management Portal - Unrestricted File Upload and Remote Code Execution
CVSS 9.8
CVE-2014-4972
CRITICAL
ajax_upload_for_gravity_forms < 1.1 - Unauthenticated Arbitrary File Upload and Remote Code Execution
CVSS 9.8
CVE-2014-2664
HIGH
X2Engine X2CRM < 3.7.5 - Unauthenticated Remote Code Execution via Profile Photo Upload
CVSS 8.8
CVE-2014-9619
HIGH
Netsweeper < 3.1.10, 4.0.x < 4.0.9, 4.1.x < 4.1.2 - Authenticated PHP Code Execution via File Upload
CVSS 7.2
CVE-2014-9312
HIGH
Photo Gallery 1.2.5 - Info Disclosure
CVSS 8.8
CVE-2013-10067
CRITICAL
Glossword 1.8.8-1.8.12 - Authenticated Arbitrary File Upload and Remote Code Execution via Administrative Interface
CVE-2013-10066
CRITICAL
Kordil EDMS v2.2.60rc3 - Unauthenticated RCE
CVE-2013-10054
CRITICAL
LibrettoCMS 1.1.7 - Unauthenticated RCE
CVE-2013-10055
CRITICAL
Havalite CMS 1.1.7 - Unauthenticated RCE
CVE-2013-10047
CRITICAL
MiniWeb HTTP Server <= Build 300 - File Upload
CVE-2013-10044
HIGH
OpenEMR < 4.1.1 Patch 14 - SQL Injection
CVSS 8.8
CVE-2013-10043
CRITICAL
OAstium VoIP PBX astium-confweb-2.1-25399 - Auth Bypass & RCE
CVE-2013-10040
CRITICAL
ClipBucket < 2.6 - Unauthenticated Arbitrary File Upload and Remote Code Execution via ofc_upload_image.php
CVSS 9.8
CVE-2013-10038
CRITICAL
FlashChat 6.0.2, 6.0.4-6.0.8 - Unauthenticated Arbitrary File Upload via upload.php
CVE-2013-10034
CRITICAL
Kaseya KServer <6.3.0.2 - File Upload
CVE-2013-10032
HIGH
GetSimpleCMS <3.2.1 - Authenticated RCE
CVSS 8.8