Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-25 | CVE-2019-17403 | Unrestricted Upload of File with Dangerous Type vulnerability in Nokia Impact. Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution. | 8.8 |
2019-11-22 | CVE-2013-6234 | Unrestricted Upload of File with Dangerous Type vulnerability in ENG Spagobi 4.0. Unrestricted file upload vulnerability in the Worksheet designer in SpagoBI before 4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, aka "XSS File Upload." | 8.0 |
2019-11-18 | CVE-2019-12409 | Unrestricted Upload of File with Dangerous Type vulnerability in Apache Solr 8.1.1/8.2.0. The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. | 9.8 |
2019-11-18 | CVE-2019-12271 | Unrestricted Upload of File with Dangerous Type vulnerability in Sandline Centraleyezer. Sandline Centraleyezer (On Premises) allows unrestricted File Upload with a dangerous type, because the feature of adding ".jpg" to any uploaded filename is not enforced on the server side. | 9.8 |
2019-11-18 | CVE-2019-19084 | Unrestricted Upload of File with Dangerous Type vulnerability in Octopus Deploy. In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details. | 4.3 |
2019-11-18 | CVE-2019-17058 | Unrestricted Upload of File with Dangerous Type vulnerability in Footy Tipping Software 2019. Footy Tipping Software AFL Web Edition 2019 allows arbitrary file upload and resultant remote code execution because a whitelist can be bypassed by an Administrator who uploads a crafted upload.dat file. | 9.1 |
2019-11-18 | CVE-2019-14467 | Unrestricted Upload of File with Dangerous Type vulnerability in Infoway Social Photo Gallery 1.0. The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code Execution by creating an album and attaching a malicious PHP file in the cover photo album, because the file extension is not checked. | 7.8 |
2019-11-13 | CVE-2019-18952 | Unrestricted Upload of File with Dangerous Type vulnerability in Sibsoft Xfilesharing 2.5.1. SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. | 9.8 |
2019-11-13 | CVE-2014-1214 | Unrestricted Upload of File with Dangerous Type vulnerability in Projoom Smart Flash Header 3.0.2. views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter. | 8.8 |
2019-11-13 | CVE-2010-4661 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products. udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. | 7.8 |