Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-18 | CVE-2020-26174 | Unrestricted Upload of File with Dangerous Type vulnerability in Tangro Business Workflow 1.17.5: tangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and restricts uploads to the filetypes contained in this list. | 8.8 |
2020-12-17 | CVE-2020-35489 | Unrestricted Upload of File with Dangerous Type vulnerability in Rocklobster Contact Form 7: The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters. | 10.0 |
2020-12-17 | CVE-2020-25010 | Unrestricted Upload of File with Dangerous Type vulnerability in Kyland Kps2204 6 Port Managed Din-Rail Programmable Serial Device Firmware R0002.P05: An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version: R0002.P05 allows remote attackers to upload a malicious script file by constructing a POST type request and writing a payload in the request parameters as an instruction to write a file. | 9.8 |
2020-12-16 | CVE-2020-35133 | Unrestricted Upload of File with Dangerous Type vulnerability in Irfanview 4.56: IrfanView 4.56 contains an error when parsing files of type .pcx. | 7.5 |
2020-12-16 | CVE-2020-29607 | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck: A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution. | 7.2 |
2020-12-15 | CVE-2020-28072 | Unrestricted Upload of File with Dangerous Type vulnerability in Alumni Management System Project Alumni Management System 1.0: A Remote Code Execution vulnerability exists in SourceCodester Alumni Management System 1.0. | 7.2 |
2020-12-09 | CVE-2020-26828 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Disclosure Management 10.1: SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type. | 6.4 |
2020-12-09 | CVE-2020-26826 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Netweaver Application Server Java 7.31/7.40/7.50: Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an attacker to upload any file (including script files) without proper file format validation, leading to Unrestricted File Upload. | 6.5 |
2020-12-09 | CVE-2020-23520 | Unrestricted Upload of File with Dangerous Type vulnerability in Txjia Imcat 5.2: imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality. | 7.2 |
2020-12-08 | CVE-2020-26255 | Unrestricted Upload of File with Dangerous Type vulnerability in Getkirby Kirby and Panel: Kirby is a CMS. | 9.1 |