Vulnerabilities > Unrestricted Upload of File with Dangerous Type

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2021-12-08 | CVE-2021-27860 | Unrestricted Upload of File with Dangerous Type vulnerability in Fatpipeinc Ipvpn Firmware and Warp Firmware | A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. | network | low | fatpipeinc | CWE-434 | 8.8 |
| 2021-12-07 | CVE-2021-42125 | Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche | An unrestricted file upload vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files. | network | low | ivanti | CWE-434 | 8.8 |
| 2021-12-06 | CVE-2021-43936 | Unrestricted Upload of File with Dangerous Type vulnerability in Webhmi Firmware 3.5/4.0 | The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, which may be automatically processed within the product's environment or lead to arbitrary code execution. | network | low | webhmi | CWE-434 | critical 9.8 |
| 2021-12-03 | CVE-2021-23562 | Unrestricted Upload of File with Dangerous Type vulnerability in Tiny Plupload | This affects the package plupload before 2.3.9. | network | low | tiny | CWE-434 | 8.8 |
| 2021-12-02 | CVE-2020-29176 | Unrestricted Upload of File with Dangerous Type vulnerability in Zblogcn Z-Blogphp 1.6.1.2100 | An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file. | local | low | zblogcn | CWE-434 | 7.8 |
| 2021-11-30 | CVE-2021-42099 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine M365 Manager Plus | Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. | network | low | zohocorp | CWE-434 | critical 9.8 |
| 2021-11-30 | CVE-2021-42123 | Unrestricted Upload of File with Dangerous Type vulnerability in Businessdnasolutions Topease | Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 in the File Upload Functions allows an authenticated remote attacker with Upload privileges to upload files with any file type, enabling client-side attacks. | network | low | businessdnasolutions | CWE-434 | 8.8 |
| 2021-11-28 | CVE-2021-44093 | Unrestricted Upload of File with Dangerous Type vulnerability in Zrlog 2.2.2 | A remote command execution vulnerability in the background of zrlog 2.2.2, in the avatar upload function, allows bypassing the original limit and uploading a JSP file to obtain a web shell. | network | low | zrlog | CWE-434 | critical 9.8 |
| 2021-11-28 | CVE-2021-44094 | Unrestricted Upload of File with Dangerous Type vulnerability in Zrlog 2.2.2 | ZrLog 2.2.2 has a remote command execution vulnerability in the plugin download function; it could execute any JAR file. | local | low | zrlog | CWE-434 | 7.8 |
| 2021-11-19 | CVE-2021-22968 | Unrestricted Upload of File with Dangerous Type vulnerability in Concretecms Concrete CMS | A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below. The external file upload feature stages files in the public directory even if they have disallowed file extensions. | network | low | concretecms | CWE-434 | 7.2 |