VYPR

CWE-434

Unrestricted Upload of File with Dangerous Type

Abstraction: Base | Status: Draft | Likelihood of exploit: Medium

Description

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1

CVEs mapped to this weakness (1,669)

page 22 of 84
  • CVE-2018-8944 | Critical | Mar 22, 2018 | risk 0.64 | CVSS 9.8 | EPSS 0.01

    PHPOK 4.8.338 has an arbitrary file upload vulnerability.

  • CVE-2018-8766 | Critical | Mar 18, 2018 | risk 0.64 | CVSS 9.8 | EPSS 0.03

    joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/admin_vod.php?action=add.

  • CVE-2014-2592 | Critical | Mar 9, 2018 | risk 0.64 | CVSS 9.8 | EPSS 0.02

    Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to execute arbitrary code by uploading a file with an executable extension.

  • CVE-2018-1342 | Critical | Jan 26, 2018 | risk 0.64 | CVSS 9.8 | EPSS 0.01

    A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console.

  • CVE-2018-4834 | Critical | Jan 24, 2018 | risk 0.64 | CVSS 9.8 | EPSS 0.03

    A vulnerability has been identified in Desigo PXC00-E.D V4.10 (All versions < V4.10.111), Desigo PXC00-E.D V5.00 (All versions < V5.0.171), Desigo PXC00-E.D V5.10 (All versions < V5.10.69), Desigo PXC00-E.D V6.00 (All versions < V6.0.204), Desigo PXC00/64/128-U V4.10 (All…

  • CVE-2018-5749 | Critical | Jan 23, 2018 | risk 0.64 | CVSS 9.8 | EPSS 0.03

    install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the (1)…

  • CVE-2014-4972 | Critical | Jan 8, 2018 | risk 0.64 | CVSS 9.8 | EPSS 0.05

    Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under…

  • CVE-2017-8862 | Critical | Nov 22, 2017 | risk 0.64 | CVSS 9.8 | EPSS 0.01

    The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "root" privileges.

  • CVE-2017-1000194 | Critical | Nov 17, 2017 | risk 0.64 | CVSS 9.8 | EPSS 0.01

    October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.

  • CVE-2017-1002016 | Critical | Sep 14, 2017 | risk 0.64 | CVSS 9.8 | EPSS 0.03

    Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files.

  • CVE-2017-14346 | Critical | Sep 12, 2017 | risk 0.64 | CVSS 9.8 | EPSS 0.02

    upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file.

  • CVE-2013-7426 | Critical | Aug 29, 2017 | risk 0.64 | CVSS 9.8 | EPSS 0.02

    Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1.

  • CVE-2014-9312 | High | Aug 28, 2017 | risk 0.64 | CVSS 8.8 | EPSS 0.45

    Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.

  • CVE-2017-3108 | Critical | Aug 11, 2017 | risk 0.64 | CVSS 9.8 | EPSS 0.09

    Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability.

  • CVE-2017-1000081 | Critical | Jul 17, 2017 | risk 0.64 | CVSS 9.8 | EPSS 0.03

    Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.

  • CVE-2017-6041 | Critical | Jun 30, 2017 | risk 0.64 | CVSS 9.8 | EPSS 0.02

    An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single…

  • CVE-2017-4990 | Critical | Jun 21, 2017 | risk 0.64 | CVSS 9.8 | EPSS 0.03

    In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute…

  • CVE-2017-9364 | Critical | Jun 2, 2017 | risk 0.64 | CVSS 9.8 | EPSS 0.01

    Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code.

  • CVE-2017-6027 | Critical | May 19, 2017 | risk 0.64 | CVSS 9.8 | EPSS 0.03

    An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A…

  • CVE-2017-7695 | Critical | Apr 11, 2017 | risk 0.64 | CVSS 9.8 | EPSS 0.02

    Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code.