CWE-434
Unrestricted Upload of File with Dangerous Type
Description
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
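Example: naive versus hardened upload handling

The Python below is an added illustration, not code from CWE-434 or from any product listed on this page. It contrasts the check that several of the CVEs in the list below were exploited through (trusting the client-supplied Content-Type and refusing only a name ending in ".php") with a handler that applies an extension allowlist, normalizes the filename (directory components, NUL bytes, trailing spaces and dots), refuses dotfiles such as .htaccess, verifies the leading bytes against the claimed type, and replaces the client's filename with a server-chosen one. The allowlist, the interpreter-extension set, the sample payloads and the filenames are all constructed for the example.

```python
"""Naive versus hardened server-side handling of a file upload (CWE-434)."""
import posixpath
import secrets

# Hypothetical allowlist for an image-upload endpoint: extension -> leading magic bytes.
# Nothing outside this map is ever written to disk, whatever the client claims.
ALLOWED_TYPES = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}

# Extensions that common server stacks hand to an interpreter (constructed, not
# exhaustive). Used only to refuse names like "shell.php.jpg", where the
# allowlisted extension is not the one the server acts on (Apache multi-extension
# handling).
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "phps", "pht", "phtml",
                   "phar", "cgi", "pl", "py", "jsp", "asp", "aspx", "sh"}

IMAGE_CONTENT_TYPES = {"image/jpeg", "image/pjpeg", "image/png", "image/gif"}


class UploadRejected(ValueError):
    """Raised when the hardened validator refuses an upload."""


def naive_is_image(filename: str, content_type: str) -> bool:
    """The check many vulnerable handlers perform: trust the client-supplied
    Content-Type and only refuse a name that ends in ".php"."""
    return content_type in IMAGE_CONTENT_TYPES and not filename.lower().endswith(".php")


def safe_filename(client_filename: str, data: bytes) -> str:
    """Validate an upload and return the server-chosen name to store it under.

    The client's Content-Type is deliberately not a parameter: it is attacker
    controlled and says nothing the bytes do not already say.
    """
    # 1. Keep only the last path component, for either separator, so "../x.jpg" or
    #    "..\\x.jpg" cannot land the file outside the upload directory.
    name = posixpath.basename(client_filename.replace("\\", "/"))
    # 2. Cut at a NUL byte and strip trailing spaces and dots: C string handling and
    #    Windows filesystems drop them, so "shell.php " ends up saved as "shell.php".
    name = name.split("\x00", 1)[0].rstrip(" .\t\r\n")
    # 3. Dotfiles are refused outright; that covers .htaccess, which would otherwise
    #    let the uploader tell Apache to execute .jpg files in the upload directory.
    if not name or name.startswith("."):
        raise UploadRejected("empty name or dotfile")
    # 4. The extension is the text after the LAST dot and must be allowlisted; any
    #    intermediate segment that is an interpreter extension is refused as well.
    parts = name.lower().split(".")
    if len(parts) < 2:
        raise UploadRejected("no extension")
    ext = parts[-1]
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension .{ext} not allowed")
    if EXECUTABLE_EXTS.intersection(parts[1:-1]):
        raise UploadRejected("interpreter extension inside the name")
    # 5. The bytes must actually be the type the extension claims. This stops a PHP
    #    file renamed to x.jpg; it does NOT stop a real JPEG with PHP appended, so the
    #    stored file must still live where nothing will execute it (see note below).
    if not data.startswith(ALLOWED_TYPES[ext]):
        raise UploadRejected("content does not match extension")
    # 6. Discard the client's name entirely: a random server-chosen name removes any
    #    remaining name-based trick and makes the stored path unguessable.
    return f"{secrets.token_hex(16)}.{ext}"


# Constructed samples (not taken from any CVE on this page):
# (label, filename, claimed Content-Type, bytes). Each is a pattern the CVE list
# describes in prose.
PHP_PAYLOAD = b"<?php system($_GET['c']); ?>"
JPEG_BYTES = b"\xff\xd8\xff\xe0" + b"\x00" * 16
CASES = [
    ("plain .php", "shell.php", "image/jpeg", PHP_PAYLOAD),
    ("alternate extension", "shell.phtml", "image/jpeg", PHP_PAYLOAD),
    ("trailing space", "shell.php ", "image/jpeg", PHP_PAYLOAD),
    ("double extension", "shell.php.jpg", "image/jpeg", PHP_PAYLOAD),
    ("server config file", ".htaccess", "image/jpeg", b"AddType application/x-httpd-php .jpg\n"),
    ("payload with image name", "cat.jpg", "image/jpeg", PHP_PAYLOAD),
    ("legitimate image", "cat.jpg", "image/jpeg", JPEG_BYTES),
]


def evaluate(cases=CASES):
    """Run both checks over the samples: label -> (naive accepts?, hardened verdict)."""
    verdicts = {}
    for label, filename, content_type, data in cases:
        try:
            safe_filename(filename, data)
            hardened = "accepted"
        except UploadRejected as err:
            hardened = f"rejected: {err}"
        verdicts[label] = (naive_is_image(filename, content_type), hardened)
    return verdicts


if __name__ == "__main__":
    for label, (naive_ok, hardened) in evaluate().items():
        naive = "accept" if naive_ok else "reject"
        print(f"{label:25} naive={naive:7} hardened={hardened}")
```

The naive check stops only the plain "shell.php" case; every other constructed sample passes it and is refused by the hardened handler. Two caveats a reviewer should still raise: a polyglot (a valid JPEG header with PHP appended) passes the magic-byte check, so the renamed file must be stored outside the web root or in a directory served with script handlers disabled, and re-encoding images on the server strips such trailing payloads; and the validator says nothing about who may upload, which is a separate authorization check (one of the listed plugins was exploitable because that check was missing).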
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-1
CVEs mapped to this weakness (1,669)
page 22 of 84

| CVE | Vendor / Product | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-8944 | | Critical | 0.64 | 9.8 | 0.01 | | Mar 22, 2018 | PHPOK 4.8.338 has an arbitrary file upload vulnerability. |
| CVE-2018-8766 | | Critical | 0.64 | 9.8 | 0.03 | | Mar 18, 2018 | joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/admin_vod.php?action=add. |
| CVE-2014-2592 | | Critical | 0.64 | 9.8 | 0.02 | | Mar 9, 2018 | Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to execute arbitrary code by uploading a file with an executable extension. |
| CVE-2018-1342 | | Critical | 0.64 | 9.8 | 0.01 | | Jan 26, 2018 | A vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console. |
| CVE-2018-4834 | | Critical | 0.64 | 9.8 | 0.03 | | Jan 24, 2018 | A vulnerability has been identified in Desigo PXC00-E.D V4.10 (All versions < V4.10.111), Desigo PXC00-E.D V5.00 (All versions < V5.0.171), Desigo PXC00-E.D V5.10 (All versions < V5.10.69), Desigo PXC00-E.D V6.00 (All versions < V6.0.204), Desigo PXC00/64/128-U V4.10 (All… |
| CVE-2018-5749 | | Critical | 0.64 | 9.8 | 0.03 | | Jan 23, 2018 | install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the (1)… |
| CVE-2014-4972 | | Critical | 0.64 | 9.8 | 0.05 | | Jan 8, 2018 | Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under… |
| CVE-2017-8862 | | Critical | 0.64 | 9.8 | 0.01 | | Nov 22, 2017 | The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "root" privileges. |
| CVE-2017-1000194 | | Critical | 0.64 | 9.8 | 0.01 | | Nov 17, 2017 | October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server. |
| CVE-2017-1002016 | | Critical | 0.64 | 9.8 | 0.03 | | Sep 14, 2017 | Vulnerability in WordPress plugin flickr-picture-backup v0.7: the code in flickr-picture-download.php doesn't check whether the user is authenticated or has permission to upload files. |
| CVE-2017-14346 | | Critical | 0.64 | 9.8 | 0.02 | | Sep 12, 2017 | upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file. |
| CVE-2013-7426 | | Critical | 0.64 | 9.8 | 0.02 | | Aug 29, 2017 | Insecure temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1. |
| CVE-2014-9312 | | High | 0.64 | 8.8 | 0.45 | | Aug 28, 2017 | Unrestricted File Upload vulnerability in Photo Gallery 1.2.5. |
| CVE-2017-3108 | | Critical | 0.64 | 9.8 | 0.09 | | Aug 11, 2017 | Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. |
| CVE-2017-1000081 | | Critical | 0.64 | 9.8 | 0.03 | | Jul 17, 2017 | Linux Foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution. |
| CVE-2017-6041 | | Critical | 0.64 | 9.8 | 0.02 | | Jun 30, 2017 | An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single… |
| CVE-2017-4990 | | Critical | 0.64 | 9.8 | 0.03 | | Jun 21, 2017 | In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute… |
| CVE-2017-9364 | | Critical | 0.64 | 9.8 | 0.01 | | Jun 2, 2017 | Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code. |
| CVE-2017-6027 | | Critical | 0.64 | 9.8 | 0.03 | | May 19, 2017 | An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A… |
| CVE-2017-7695 | | Critical | 0.64 | 9.8 | 0.02 | | Apr 11, 2017 | Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code. |