Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2020-08-13 CVE-2020-7302 Unrestricted Upload of File with Dangerous Type vulnerability in Mcafee Data Loss Prevention
Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking.
network
low complexity
mcafee CWE-434
6.4
2020-08-12 CVE-2020-6293 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Netweaver Knowledge Management
SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access control lists and other upload file size restrictions, leading to Unrestricted File Upload.
network
low complexity
sap CWE-434
6.4
2020-08-10 CVE-2020-15649 Unrestricted Upload of File with Dangerous Type vulnerability in Mozilla Firefox ESR
Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked.
network
mozilla CWE-434
4.3
2020-08-09 CVE-2020-17452 Unrestricted Upload of File with Dangerous Type vulnerability in Flatcore
flatCore before 1.5.7 allows upload and execution of a .php file by an admin.
network
low complexity
flatcore CWE-434
critical
9.0
2020-08-03 CVE-2020-5772 Unrestricted Upload of File with Dangerous Type vulnerability in Teltonika-Networks Trb245 Firmware 00.02.04.01
Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file.
network
high complexity
teltonika-networks CWE-434
7.1
2020-08-03 CVE-2020-5771 Unrestricted Upload of File with Dangerous Type vulnerability in Teltonika-Networks Trb245 Firmware 00.02.04.01
Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup archive.
network
high complexity
teltonika-networks CWE-434
7.1
2020-07-29 CVE-2020-14488 Unrestricted Upload of File with Dangerous Type vulnerability in Freemedsoftware Openclinic GA 5.09.02/5.89.05B
OpenClinic GA 5.09.02 and 5.89.05b does not properly verify uploaded files, which may allow a low-privilege user to upload and execute arbitrary files on the system.
network
low complexity
freemedsoftware CWE-434
critical
9.0
2020-07-28 CVE-2020-11476 Unrestricted Upload of File with Dangerous Type vulnerability in Concretecms Concrete CMS
Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file.
network
low complexity
concretecms CWE-434
critical
9.0
2020-07-15 CVE-2020-9309 Unrestricted Upload of File with Dangerous Type vulnerability in Silverstripe Mimevalidator and Recipe
Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file).
6.8
2020-07-15 CVE-2020-14066 Unrestricted Upload of File with Dangerous Type vulnerability in Icewarp Mail Server 12.3.0.1
IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.
network
low complexity
icewarp CWE-434
6.5