Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-15 | CVE-2020-9309 | Unrestricted Upload of File with Dangerous Type vulnerability in Silverstripe Mimevalidator and Recipe Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). | 6.8 |
| 2020-07-15 | CVE-2020-14066 | Unrestricted Upload of File with Dangerous Type vulnerability in Icewarp Mail Server 12.3.0.1 IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access. | 6.5 |
| 2020-07-15 | CVE-2020-14065 | Unrestricted Upload of File with Dangerous Type vulnerability in Icewarp Mail Server 12.3.0.1 IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space. | 4.0 |
| 2020-07-15 | CVE-2020-12854 | Unrestricted Upload of File with Dangerous Type vulnerability in Seczetta Neprofile 3.3.11 A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. | 6.5 |
| 2020-07-14 | CVE-2020-1469 | Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft Bond 9.0.1 A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'. | 5.0 |
| 2020-07-13 | CVE-2019-20897 | Unrestricted Upload of File with Dangerous Type vulnerability in Atlassian products The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. | 4.0 |
| 2020-07-10 | CVE-2020-8181 | Unrestricted Upload of File with Dangerous Type vulnerability in Nextcloud Contacts A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars. | 4.3 |
| 2020-06-24 | CVE-2020-13443 | Unrestricted Upload of File with Dangerous Type vulnerability in Expressionengine ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. | 6.5 |
| 2020-06-22 | CVE-2020-13887 | Unrestricted Upload of File with Dangerous Type vulnerability in Kordil Edms Project Kordil Edms 2.2.60 documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Command Execution because .php files can be uploaded to the documents folder. | 6.5 |
| 2020-06-19 | CVE-2020-8162 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits. | 5.0 |