CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,139 vulnerabilities with CWE-434
CVE-2012-10027 CRITICAL
WP-Property < 1.35.0 - Unauthenticated Arbitrary File Upload via uploadify.php
CVE-2012-10026 CRITICAL
WordPress Plugin Asset-Manager < 2.0 - Unauthenticated Arbitrary File Upload via upload.php
CVE-2012-10020 CRITICAL
FoxyPress <= 0.4.2.1 - Unauthenticated Arbitrary File Upload via uploadify.php
CVSS 9.8
CVE-2012-10019 CRITICAL
Front End Editor <2.3 - File Upload
CVSS 9.8
CVE-2012-6649 CRITICAL
WordPress WP GPX Maps Plugin 1.1.21 - Remote Code Execution via Unrestricted File Upload
CVSS 9.8
CVE-2012-5190 CRITICAL
Prizm Content Connect 5.1 - Code Injection
CVSS 9.8
CVE-2012-2950 HIGH
Gateway Geomatics MapServer <3.0.6 - Code Injection
CVSS 8.1
CVE-2012-2226 CRITICAL
Invision Power Board < 3.3.1 - Unauthenticated Arbitrary File Upload
CVSS 9.8
CVE-2012-1592 HIGH
Apache Struts 2.0-2.5.22 - Unrestricted Upload of File with Dangerous Type via Malformed XSLT Processing
CVSS 8.8
CVE-2011-10041 CRITICAL
Uploadify WordPress plugin <1.0 - RCE
CVE-2011-10004 MEDIUM
reciply < 1.1.8 - Unrestricted File Upload via uploadImage.php
CVSS 6.3
CVE-2011-4908 CRITICAL
TinyBrowser < 1.5.13 - Unauthenticated Arbitrary File Upload via upload.php
CVSS 9.8
CVE-2011-4906 CRITICAL
Tinybrowser < 1.5.13 - Unrestricted File Upload and Remote Code Execution
CVSS 9.8
CVE-2011-1597 HIGH
OpenVAS Manager 2.0.3 - Remote Code Execution via Plugin Upload
CVSS 8.8
CVE-2011-4907 MEDIUM
Joomla! 1.5.0-1.5.12 - Unauthenticated Unrestricted File Upload via Missing JEXEC Check
CVSS 5.3
CVE-2011-2933 HIGH
WebsiteBaker < 2.8.1 - Arbitrary File Upload via admin/media/upload.php
CVSS 7.2
CVE-2011-1134 CRITICAL
Serendipity < 1.5.5 - Stored Cross-Site Scripting in Xinha Image Manager
CVSS 9.8
CVE-2011-4183 MEDIUM
SUSE Open Build Service <2.1.16 - RCE
CVSS 6.5
CVE-2011-4334 HIGH
LabWiki < 1.1 - Authenticated Arbitrary PHP File Upload via .gif Extension
CVSS 8.8
CVE-2010-1433 CRITICAL
Joomla! 1.5.0-1.5.15 - Unauthenticated Arbitrary File Upload
CVSS 9.8
CVE-2010-4661 HIGH
udisks < 1.0.3 - Unrestricted Kernel Module Loading
CVSS 7.8
CVE-2010-3663 HIGH
TYPO3 < 4.1.14, 4.2.x < 4.2.13, 4.3.x < 4.3.4, 4.4.x < 4.4.1 - Remote Code Execution
CVSS 8.8
CVE-2009-20006 CRITICAL
osCommerce <= 2.2 RC2a - Unauthenticated Arbitrary File Upload via Admin File Manager
CVE-2009-20011 CRITICAL
ContentKeeper Web Appliance <125.10 - RCE
CVE-2006-6994
ozzywork_galeri < 2.0 - Unauthenticated Arbitrary File Upload via add.asp