CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,139 vulnerabilities with CWE-434
CVE-2006-5845: Speedywiki 2.0 - Authenticated Unrestricted File Upload via upload Parameter
CVE-2006-4558: DeluxeBB < 1.06 - Remote Code Execution via Double Extension File Upload
CVE-2006-4471: Joomla! < 1.0.11 - Authenticated Unrestricted File Upload via Admin Upload Image
CVE-2006-2428: DUware DUbanner 3.1 - Unauthenticated Arbitrary File Upload via add.asp
CVE-2005-3288: Mailsite Express - Unauthenticated Arbitrary File Upload and Remote Code Execution via Compose Page Attachment
CVE-2005-1868: i-man < 0.9 - Remote Code Execution via PHP File Upload
CVE-2005-1881: YaPiG 0.92b, 0.93u, 0.94u - Unauthenticated Arbitrary File Upload via upload.php
CVE-2005-0254 (LOW, CVSS 3.7): BibORB 1.3.2 - Unrestricted Upload of File with Dangerous Type
CVE-2004-2262: e107 < 0.617 - Remote Code Execution via ImageManager PHP File Upload
CVE-2002-1841: NOLA 1.1.1-1.1.2 - Unrestricted Upload of Dangerous File Types
CVE-2001-0901: Hypermail - Remote Code Execution via .shtml Attachment Upload
CVE-2001-1099: Norton AntiVirus for Microsoft Exchange 2000 2.x - Info Disclosure
CVE-2001-0340: Microsoft Exchange Server 2000 - Unrestricted Upload of File with Dangerous Type via OWA Message Attachment
CVE-1999-0036 (HIGH, CVSS 8.4): IRIX - Unrestricted File Upload via Login Program LOCKOUT Parameter