CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,139 vulnerabilities with CWE-434
CVE-2013-1916 (HIGH, CVSS 8.8): WordPress User Photo Plugin 0.9.4 - Unrestricted File Upload
CVE-2013-20002 (CRITICAL, CVSS 9.8): Themify Framework < 1.2.2 - Unauthenticated Arbitrary File Upload via Themify Ajax Handler
CVE-2013-3684 (CRITICAL, CVSS 9.8): NextGEN Gallery < 1.9.13 - Unrestricted Upload of File with Dangerous Type via ngggallery.php
CVE-2013-2057 (CRITICAL, CVSS 9.8): YaBB < 2.5.2 - Local File Inclusion via guestlanguage Cookie Parameter
CVE-2013-0803 (CRITICAL, CVSS 9.8): PolarBear CMS 2.5 - Unauthenticated Arbitrary File Upload via upload.php
CVE-2013-3591 (HIGH, CVSS 8.8): vtiger CRM 5.3 and 5.4 - Unrestricted Upload of File with Dangerous Type
CVE-2013-2748 (CRITICAL, CVSS 9.8): Belkin Wemo Switch < WeMo_US_2.00.2176.PVT - Code Injection
CVE-2013-7390 (CRITICAL, CVSS 9.8): ManageEngine DesktopCentral < 8.0.0 - RCE
CVE-2013-6358 (HIGH, CVSS 8.8): PrestaShop 1.5.5 - Authenticated Remote Code Execution via Crafted Profile Upload
CVE-2013-4796 (HIGH, CVSS 8.8): ReviewBoard < 1.6.17 - Code Injection
CVE-2013-6234 (HIGH, CVSS 8.0): SpagoBI < 4.1 - Authenticated Arbitrary File Upload via Worksheet Designer
CVE-2013-7426 (CRITICAL, CVSS 9.8): kamailio 4.0.1 - Insecure Temporary File Handling in /tmp/kamailio_fifo
CVE-2012-10064 (CRITICAL): Omni Secure Files < 0.1.14 - Unauthenticated Arbitrary File Upload via plupload Example Endpoint
CVE-2012-10062 (HIGH): XAMPP < 1.7.3 - Authenticated Remote Code Execution via WebDAV PHP Upload
CVE-2012-10056 (HIGH): PHP Volunteer Management System v1.0.2 - Code Injection
CVE-2012-10054 (CRITICAL, CVSS 9.8): Umbraco CMS < 4.7.1 - Unauthenticated Remote Code Execution via codeEditorSave.asmx SaveDLRScript Path Traversal
CVE-2012-10038 (CRITICAL): Auxilium RateMyPet - Unauthenticated Arbitrary File Upload via Banner Upload Feature
CVE-2012-10052 (CRITICAL): EGallery 1.2 - Unauthenticated Arbitrary File Upload via uploadify.php
CVE-2012-10050 (CRITICAL): CuteFlow < 2.11.2 - Unauthenticated Arbitrary File Upload via restart_circulation_values_write.php
CVE-2012-10049 (CRITICAL): WebPageTest < 2.6 - Remote Code Execution via Unrestricted File Upload in resultimage.php
CVE-2012-10045 (CRITICAL): XODA 0.4.5 - Unauthenticated Arbitrary PHP File Upload via Multipart Form Data
CVE-2012-10044 (CRITICAL): MobileCartly 1.0 - Unauthenticated Arbitrary File Creation via savepage.php
CVE-2012-10042 (HIGH): Sflog! CMS 1.0 - Authenticated Arbitrary File Upload via Blog Management Interface
CVE-2012-10036 (CRITICAL): Project Pier < 0.8.8 - Unauthenticated RCE
CVE-2012-10030 (CRITICAL, CVSS 9.8): FreeFloat FTP Server - Unauthenticated RCE