CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,139 vulnerabilities with CWE-434
CVE-2013-1916
HIGH
WordPress User Photo Plugin 0.9.4 - Unrestricted File Upload
CVSS 8.8
CVE-2013-20002
CRITICAL
Themify Framework < 1.2.2 - Unauthenticated Arbitrary File Upload via Themify Ajax Handler
CVSS 9.8
CVE-2013-3684
CRITICAL
NextGEN Gallery < 1.9.13 - Unrestricted Upload of File with Dangerous Type via ngggallery.php
CVSS 9.8
CVE-2013-2057
CRITICAL
YaBB < 2.5.2 - Local File Inclusion via guestlanguage Cookie Parameter
CVSS 9.8
CVE-2013-0803
CRITICAL
PolarBear CMS 2.5 - Unauthenticated Arbitrary File Upload via upload.php
CVSS 9.8
CVE-2013-3591
HIGH
vtiger CRM 5.3 and 5.4 - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2013-2748
CRITICAL
Belkin Wemo Switch <WeMo_US_2.00.2176.PVT - Code Injection
CVSS 9.8
CVE-2013-7390
CRITICAL
ManageEngine DesktopCentral <8.0.0 - RCE
CVSS 9.8
CVE-2013-6358
HIGH
PrestaShop 1.5.5 - Authenticated Remote Code Execution via Crafted Profile Upload
CVSS 8.8
CVE-2013-4796
HIGH
ReviewBoard <1.6.17 - Code Injection
CVSS 8.8
CVE-2013-6234
HIGH
SpagoBI < 4.1 - Authenticated Arbitrary File Upload via Worksheet Designer
CVSS 8.0
CVE-2013-7426
CRITICAL
kamailio 4.0.1 - Insecure Temporary File Handling in /tmp/kamailio_fifo
CVSS 9.8
CVE-2012-10064
CRITICAL
Omni Secure Files < 0.1.14 - Unauthenticated Arbitrary File Upload via plupload Example Endpoint
CVE-2012-10062
HIGH
XAMPP < 1.7.3 - Authenticated Remote Code Execution via WebDAV PHP Upload
CVE-2012-10056
HIGH
PHP Volunteer Management System v1.0.2 - Code Injection
CVE-2012-10054
CRITICAL
Umbraco CMS < 4.7.1 - Unauthenticated Remote Code Execution via codeEditorSave.asmx SaveDLRScript Path Traversal
CVSS 9.8
CVE-2012-10038
CRITICAL
Auxilium RateMyPet - Unauthenticated Arbitrary File Upload via Banner Upload Feature
CVE-2012-10052
CRITICAL
EGallery 1.2 - Unauthenticated Arbitrary File Upload via uploadify.php
CVE-2012-10050
CRITICAL
CuteFlow < 2.11.2 - Unauthenticated Arbitrary File Upload via restart_circulation_values_write.php
CVE-2012-10049
CRITICAL
WebPageTest < 2.6 - Remote Code Execution via Unrestricted File Upload in resultimage.php
CVE-2012-10045
CRITICAL
XODA 0.4.5 - Unauthenticated Arbitrary PHP File Upload via Multipart Form Data
CVE-2012-10044
CRITICAL
MobileCartly 1.0 - Unauthenticated Arbitrary File Creation via savepage.php
CVE-2012-10042
HIGH
Sflog! CMS 1.0 - Authenticated Arbitrary File Upload via Blog Management Interface
CVE-2012-10036
CRITICAL
Project Pier <0.8.8 - Unauthenticated RCE
CVE-2012-10030
CRITICAL
FreeFloat FTP Server - Unauthenticated RCE
CVSS 9.8
Details
Vulnerabilities: 4,139
Exploit Likelihood: Medium