Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-09 | CVE-2020-17452 | Unrestricted Upload of File with Dangerous Type vulnerability in Flatcore flatCore before 1.5.7 allows upload and execution of a .php file by an admin. | 7.2 |
| 2020-07-29 | CVE-2020-14488 | Unrestricted Upload of File with Dangerous Type vulnerability in Freemedsoftware Openclinic GA 5.09.02/5.89.05B OpenClinic GA 5.09.02 and 5.89.05b does not properly verify uploaded files, which may allow a low-privilege user to upload and execute arbitrary files on the system. | 8.8 |
| 2020-07-28 | CVE-2020-11476 | Unrestricted Upload of File with Dangerous Type vulnerability in Concretecms Concrete CMS Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file. | 7.2 |
| 2020-07-15 | CVE-2020-9309 | Unrestricted Upload of File with Dangerous Type vulnerability in Silverstripe Mimevalidator and Recipe Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). | 8.8 |
| 2020-07-15 | CVE-2020-14066 | Unrestricted Upload of File with Dangerous Type vulnerability in Icewarp Mail Server 12.3.0.1 IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access. | 8.8 |
| 2020-07-15 | CVE-2020-14065 | Unrestricted Upload of File with Dangerous Type vulnerability in Icewarp Mail Server 12.3.0.1 IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space. | 6.5 |
| 2020-07-15 | CVE-2020-12854 | Unrestricted Upload of File with Dangerous Type vulnerability in Seczetta Neprofile 3.3.11 A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. | 8.8 |
| 2020-07-14 | CVE-2020-1469 | Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft Bond 9.0.1 A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'. | 7.5 |
| 2020-07-13 | CVE-2019-20897 | Unrestricted Upload of File with Dangerous Type vulnerability in Atlassian products The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. | 6.5 |
| 2020-07-10 | CVE-2020-8181 | Unrestricted Upload of File with Dangerous Type vulnerability in Nextcloud Contacts A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars. | 4.3 |