Vulnerabilities > Unrestricted Upload of File with Dangerous Type

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2020-09-24 | CVE-2020-12843 | Unrestricted Upload of File with Dangerous Type vulnerability in Gogogate Ismartgate PRO Firmware 1.5.9 | ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. | network | low complexity | gogogate | CWE-434 | critical 9.8 |
| 2020-09-24 | CVE-2020-12837 | Unrestricted Upload of File with Dangerous Type vulnerability in Gogogate Ismartgate PRO Firmware 1.5.9 | ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. | network | low complexity | gogogate | CWE-434 | 7.5 |
| 2020-09-23 | CVE-2019-1888 | Unrestricted Upload of File with Dangerous Type vulnerability in Cisco products | A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. | network | low complexity | cisco | CWE-434 | 7.2 |
| 2020-09-22 | CVE-2020-25515 | Unrestricted Upload of File with Dangerous Type vulnerability in Simple Library Management System Project Simple Library Management System 1.0 | Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book, http://<site>/lms/index.php?page=books. | | | | | 7.8 |
| 2020-09-22 | CVE-2020-15839 | Unrestricted Upload of File with Dangerous Type vulnerability in Liferay Portal | Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files. | network | low complexity | liferay | CWE-434 | 6.5 |
| 2020-09-22 | CVE-2020-14022 | Unrestricted Upload of File with Dangerous Type vulnerability in Ozeki NG SMS Gateway | Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. | network | low complexity | ozeki | CWE-434 | 8.8 |
| 2020-09-22 | CVE-2020-4620 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Data Risk Manager | IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. | network | low complexity | ibm | CWE-434 | 8.8 |
| 2020-09-19 | CVE-2020-25790 | Unrestricted Upload of File with Dangerous Type vulnerability in Typesettercms Typesetter 5.0/5.0.1/5.1 | Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. | network | low complexity | typesettercms | CWE-434 | 7.2 |
| 2020-09-18 | CVE-2020-25733 | Unrestricted Upload of File with Dangerous Type vulnerability in Webtareas Project Webtareas 2.0/2.1 | webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types. | network | low complexity | webtareas-project | CWE-434 | 7.5 |
| 2020-09-17 | CVE-2020-13260 | Unrestricted Upload of File with Dangerous Type vulnerability in RAD Secflow-1V Firmware Osimagesf02902.3.01.26 | A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as the static key file in Configuration-Services-Security-OpenVPN-Static Keys. | network | low complexity | rad | CWE-434 | 6.1 |