Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-17 | CVE-2021-25780 | Unrestricted Upload of File With Dangerous Type vulnerability in Baby Care System Project Baby Care System 1.0 An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. | 6.5 |
2021-02-15 | CVE-2020-4955 | Unrestricted Upload of File With Dangerous Type vulnerability in IBM Spectrum Protect Operations Center IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. | 5.2 |
2021-02-11 | CVE-2021-21014 | Unrestricted Upload of File With Dangerous Type vulnerability in Magento Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file upload restriction bypass. | 6.5 |
2021-02-10 | CVE-2020-28871 | Unrestricted Upload of File With Dangerous Type vulnerability in Monitorr Project Monitorr 1.7.6M Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload. | 7.5 |
2021-02-09 | CVE-2021-26918 | Unrestricted Upload of File With Dangerous Type vulnerability in Probot BOT ** DISPUTED ** The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature (or possibly have unspecified other impact) because the uploader web service allows double extensions (such as .html.jpg) with the text/html content type. | 7.5 |
2021-02-02 | CVE-2020-25037 | Unrestricted Upload of File With Dangerous Type vulnerability in Ucopia Wireless Appliance UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admin user privileges via an escape from a restricted command. | 7.2 |
2021-02-01 | CVE-2021-3378 | Unrestricted Upload of File With Dangerous Type vulnerability in Fortilogger 4.4.2.2 FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp. | 7.5 |
2021-02-01 | CVE-2020-20287 | Unrestricted Upload of File With Dangerous Type vulnerability in Yccms 3.3 Unrestricted file upload vulnerability in the yccms 3.3 project. | 7.5 |
2021-01-26 | CVE-2021-3164 | Unrestricted Upload of File With Dangerous Type vulnerability in Churchdesk Churchrota 2.6.4 ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. | 6.5 |
2021-01-26 | CVE-2021-22698 | Unrestricted Upload of File With Dangerous Type vulnerability in SE Ecostruxure Power Build - Rapsody 2.1.13 A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to occur which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed. | 6.8 |