Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2020-02-17 CVE-2015-0258 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.
network
low complexity
o-dyn debian canonical CWE-434
8.8
2020-02-12 CVE-2020-6975 Unrestricted Upload of File with Dangerous Type vulnerability in Digi products
Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2.
network
low complexity
digi CWE-434
4.9
2020-02-12 CVE-2011-4908 Unrestricted Upload of File with Dangerous Type vulnerability in Tiny Tinybrowser
TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php.
network
low complexity
tiny CWE-434
critical
9.8
2020-02-12 CVE-2011-4906 Unrestricted Upload of File with Dangerous Type vulnerability in Tiny Tinybrowser
Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution.
network
low complexity
tiny CWE-434
critical
9.8
2020-02-11 CVE-2013-3684 Unrestricted Upload of File with Dangerous Type vulnerability in Imagely Nextgen Gallery
NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload
network
low complexity
imagely CWE-434
critical
9.8
2020-02-11 CVE-2013-2057 Unrestricted Upload of File with Dangerous Type vulnerability in Yabb 2.5.2
YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability
network
low complexity
yabb CWE-434
critical
9.8
2020-02-11 CVE-2013-0803 Unrestricted Upload of File with Dangerous Type vulnerability in Polarbear CMS Project Polarbear CMS 2.5
A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code.
network
low complexity
polarbear-cms-project CWE-434
critical
9.8
2020-02-10 CVE-2019-20451 Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Prismview Player 11 and Prismview System 9
The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC.
network
low complexity
samsung CWE-434
critical
9.8
2020-02-08 CVE-2014-8739 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with a PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014.
network
low complexity
jquery-file-upload-project creative-solutions CWE-434
critical
9.8
2020-02-07 CVE-2013-3591 Unrestricted Upload of File with Dangerous Type vulnerability in Vtiger CRM 5.3.0/5.4.0
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
network
low complexity
vtiger CWE-434
8.8