Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2017-09-22 CVE-2017-14079 Unrestricted Upload of File with Dangerous Type vulnerability in Trendmicro Mobile Security 9.7
Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-434
6.5
2017-09-21 CVE-2017-12929 Unrestricted Upload of File with Dangerous Type vulnerability in Tecnovision DLX Spot Player4
Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution.
network
low complexity
tecnovision CWE-434
6.5
2017-09-19 CVE-2014-9619 Unrestricted Upload of File with Dangerous Type vulnerability in Netsweeper
Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file with a double extension, then accessing it via a direct request to the file in webadmin/deny/images/, as demonstrated by secuid0.php.gif.
network
low complexity
netsweeper CWE-434
6.5
2017-09-19 CVE-2017-12615 Unrestricted Upload of File with Dangerous Type vulnerability in Apache Tomcat
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g.
6.8
2017-09-14 CVE-2017-1002016 Unrestricted Upload of File with Dangerous Type vulnerability in Flickr Picture Backup Project Flickr Picture Backup 0.7
Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files.
network
low complexity
flickr-picture-backup-project CWE-434
7.5
2017-09-14 CVE-2017-1002008 Unrestricted Upload of File with Dangerous Type vulnerability in Membership Simplified Project Membership Simplified 1.58
Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.
network
low complexity
membership-simplified-project CWE-434
7.5
2017-09-14 CVE-2017-1002003 Unrestricted Upload of File with Dangerous Type vulnerability in Wp2Android-Turn-Wp-Site-Into-Android-App Project Wp2Android-Turn-Wp-Site-Into-Android-App 1.1.4
Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
7.5
2017-09-14 CVE-2017-1002002 Unrestricted Upload of File with Dangerous Type vulnerability in Webapp-Builder Project Webapp-Builder 2.0
Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/
network
low complexity
webapp-builder-project CWE-434
7.5
2017-09-14 CVE-2017-1002001 Unrestricted Upload of File with Dangerous Type vulnerability in Mobile-App-Builder-By-Wappress Project Mobile-App-Builder-By-Wappress 1.05
Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
7.5
2017-09-14 CVE-2017-1002000 Unrestricted Upload of File with Dangerous Type vulnerability in Mobile-Friendly-App-Builder-By-Easytouch Project Mobile-Friendly-App-Builder-By-Easytouch 3.0
Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content.
7.5