Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2021-02-17 CVE-2021-25780 Unrestricted Upload of File With Dangerous Type vulnerability in Baby Care System Project Baby Care System 1.0
An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0.
network
low complexity
baby-care-system-project CWE-434
6.5
2021-02-15 CVE-2020-4955 Unrestricted Upload of File With Dangerous Type vulnerability in IBM Spectrum Protect Operations Center
IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation.
low complexity
ibm CWE-434
5.2
2021-02-11 CVE-2021-21014 Unrestricted Upload of File With Dangerous Type vulnerability in Magento
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file upload restriction bypass.
network
low complexity
magento CWE-434
6.5
2021-02-10 CVE-2020-28871 Unrestricted Upload of File With Dangerous Type vulnerability in Monitorr Project Monitorr 1.7.6M
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.
network
low complexity
monitorr-project CWE-434
7.5
2021-02-09 CVE-2021-26918 Unrestricted Upload of File With Dangerous Type vulnerability in Probot BOT
** DISPUTED ** The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature (or possibly have unspecified other impact) because the uploader web service allows double extensions (such as .html.jpg) with the text/html content type.
network
low complexity
probot CWE-434
7.5
2021-02-02 CVE-2020-25037 Unrestricted Upload of File With Dangerous Type vulnerability in Ucopia Wireless Appliance
UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admin user privileges via an escape from a restricted command.
local
low complexity
ucopia CWE-434
7.2
2021-02-01 CVE-2021-3378 Unrestricted Upload of File With Dangerous Type vulnerability in Fortilogger 4.4.2.2
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.
network
low complexity
fortilogger CWE-434
7.5
2021-02-01 CVE-2020-20287 Unrestricted Upload of File With Dangerous Type vulnerability in Yccms 3.3
Unrestricted file upload vulnerability in the yccms 3.3 project.
network
low complexity
yccms CWE-434
7.5
2021-01-26 CVE-2021-3164 Unrestricted Upload of File With Dangerous Type vulnerability in Churchdesk Churchrota 2.6.4
ChurchRota 2.6.4 is vulnerable to authenticated remote code execution.
network
low complexity
churchdesk CWE-434
6.5
2021-01-26 CVE-2021-22698 Unrestricted Upload of File With Dangerous Type vulnerability in SE Ecostruxure Power Build - Rapsody 2.1.13
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to occur which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed.
network
se CWE-434
6.8