Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2020-02-08 CVE-2014-8739 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with a PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014.
network
low complexity
jquery-file-upload-project creative-solutions CWE-434
critical
9.8
2020-02-07 CVE-2013-3591 Unrestricted Upload of File with Dangerous Type vulnerability in Vtiger CRM 5.3.0/5.4.0
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
network
low complexity
vtiger CWE-434
8.8
2020-02-06 CVE-2015-6000 Unrestricted Upload of File with Dangerous Type vulnerability in Vtiger CRM
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/.
network
low complexity
vtiger CWE-434
8.8
2020-02-06 CVE-2011-1597 Unrestricted Upload of File with Dangerous Type vulnerability in Openvas Manager 2.0.3
OpenVAS Manager v2.0.3 allows plugin remote code execution.
network
low complexity
openvas CWE-434
8.8
2020-02-05 CVE-2020-6754 Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms
dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control.
network
low complexity
dotcms CWE-434
critical
9.8
2020-01-31 CVE-2014-2025 Unrestricted Upload of File with Dangerous Type vulnerability in Unitedplanet Intrexx 5.2/6.0
Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unknown vectors.
network
low complexity
unitedplanet CWE-434
critical
9.8
2020-01-31 CVE-2020-8440 Unrestricted Upload of File with Dangerous Type vulnerability in Simplejobscript 1.65/1.66
controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume.
network
low complexity
simplejobscript CWE-434
critical
9.8
2020-01-28 CVE-2013-2748 Unrestricted Upload of File with Dangerous Type vulnerability in Belkin Wemo Switch Firmware
Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system.
network
low complexity
belkin CWE-434
critical
9.8
2020-01-28 CVE-2020-7998 Unrestricted Upload of File with Dangerous Type vulnerability in Super File Explorer Project Super File Explorer 1.0.1
An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for iOS.
network
low complexity
super-file-explorer-project CWE-434
8.8
2020-01-27 CVE-2013-7390 Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Desktop Central 7.0.0/7.0.1/8.0.0
Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot.
network
low complexity
zohocorp CWE-434
critical
9.8