CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,139 vulnerabilities with CWE-434
CVE-2012-10027
CRITICAL
WP-Property < 1.35.0 - Unauthenticated Arbitrary File Upload via uploadify.php
CVE-2012-10026
CRITICAL
WordPress Plugin Asset-Manager < 2.0 - Unauthenticated Arbitrary File Upload via upload.php
CVE-2012-10020
CRITICAL
FoxyPress <= 0.4.2.1 - Unauthenticated Arbitrary File Upload via uploadify.php
CVSS 9.8
CVE-2012-10019
CRITICAL
Front End Editor <2.3 - File Upload
CVSS 9.8
CVE-2012-6649
CRITICAL
WordPress WP GPX Maps Plugin 1.1.21 - Remote Code Execution via Unrestricted File Upload
CVSS 9.8
CVE-2012-5190
CRITICAL
Prizm Content Connect 5.1 - Code Injection
CVSS 9.8
CVE-2012-2950
HIGH
Gateway Geomatics MapServer <3.0.6 - Code Injection
CVSS 8.1
CVE-2012-2226
CRITICAL
Invision Power Board < 3.3.1 - Unauthenticated Arbitrary File Upload
CVSS 9.8
CVE-2012-1592
HIGH
Apache Struts 2.0-2.5.22 - Unrestricted Upload of File with Dangerous Type via Malformed XSLT Processing
CVSS 8.8
CVE-2011-10041
CRITICAL
Uploadify WordPress plugin <1.0 - RCE
CVE-2011-10004
MEDIUM
reciply < 1.1.8 - Unrestricted File Upload via uploadImage.php
CVSS 6.3
CVE-2011-4908
CRITICAL
TinyBrowser < 1.5.13 - Unauthenticated Arbitrary File Upload via upload.php
CVSS 9.8
CVE-2011-4906
CRITICAL
Tinybrowser < 1.5.13 - Unrestricted File Upload and Remote Code Execution
CVSS 9.8
CVE-2011-1597
HIGH
OpenVAS Manager 2.0.3 - Remote Code Execution via Plugin Upload
CVSS 8.8
CVE-2011-4907
MEDIUM
Joomla! 1.5.0-1.5.12 - Unauthenticated Unrestricted File Upload via Missing JEXEC Check
CVSS 5.3
CVE-2011-2933
HIGH
WebsiteBaker < 2.8.1 - Arbitrary File Upload via admin/media/upload.php
CVSS 7.2
CVE-2011-1134
CRITICAL
Serendipity < 1.5.5 - Stored Cross-Site Scripting in Xinha Image Manager
CVSS 9.8
CVE-2011-4183
MEDIUM
SUSE Open Build Service <2.1.16 - RCE
CVSS 6.5
CVE-2011-4334
HIGH
LabWiki < 1.1 - Authenticated Arbitrary PHP File Upload via .gif Extension
CVSS 8.8
CVE-2010-1433
CRITICAL
Joomla! 1.5.0-1.5.15 - Unauthenticated Arbitrary File Upload
CVSS 9.8
CVE-2010-4661
HIGH
udisks < 1.0.3 - Unrestricted Kernel Module Loading
CVSS 7.8
CVE-2010-3663
HIGH
TYPO3 < 4.1.14, 4.2.x < 4.2.13, 4.3.x < 4.3.4, 4.4.x < 4.4.1 - Remote Code Execution
CVSS 8.8
CVE-2009-20006
CRITICAL
osCommerce <= 2.2 RC2a - Unauthenticated Arbitrary File Upload via Admin File Manager
CVE-2009-20011
CRITICAL
ContentKeeper Web Appliance <125.10 - RCE
CVE-2006-6994
ozzywork_galeri < 2.0 - Unauthenticated Arbitrary File Upload via add.asp
Details
Vulnerabilities: 4,139
Exploit Likelihood: Medium