Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-06 | CVE-2020-28328 | Unrestricted Upload of File with Dangerous Type vulnerability in Salesagility Suitecrm: SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. | 8.8 |
2020-11-05 | CVE-2020-27387 | Unrestricted Upload of File with Dangerous Type vulnerability in Horizontcms Project Horizontcms 1.0.0: An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload (which will receive a random name on the server) with the PHP extension, and finally executing the PHP file via an HTTP GET request to /storage/<php_file_name>. | 8.8 |
2020-10-30 | CVE-2020-15277 | Unrestricted Upload of File with Dangerous Type vulnerability in Basercms: baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). | 7.2 |
2020-10-30 | CVE-2020-4588 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM I2 Ibase 8.9.13: IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. | 7.8 |
2020-10-29 | CVE-2020-11486 | Unrestricted Upload of File with Dangerous Type vulnerability in Intel BMC Firmware 1.06.06/2.47: NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be automatically processed within the product's environment, which may lead to remote code execution. | 9.8 |
2020-10-28 | CVE-2020-8260 | Unrestricted Upload of File with Dangerous Type vulnerability in Pulsesecure Pulse Secure Desktop Client 9.1: A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction. | 7.2 |
2020-10-28 | CVE-2020-27956 | Unrestricted Upload of File with Dangerous Type vulnerability in CAR Rental Management System Project CAR Rental Management System 1.0: An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root). | 9.8 |
2020-10-23 | CVE-2020-25483 | Unrestricted Upload of File with Dangerous Type vulnerability in Ucms Project Ucms 1.4.8: An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server. | 9.8 |
2020-10-21 | CVE-2020-3436 | Unrestricted Upload of File with Dangerous Type vulnerability in Cisco products: A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead to an unexpected device reload. | 8.6 |
2020-10-16 | CVE-2020-26583 | Unrestricted Upload of File with Dangerous Type vulnerability in Sagedpw Sage DPW 202006000/202006001: An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. | 6.1 |