Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-21 | CVE-2020-1023 | Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. | 8.8 |
| 2020-05-21 | CVE-2020-12828 | Unrestricted Upload of File with Dangerous Type vulnerability in Pango Virtual Private Network Software Development KIT An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. | 9.8 |
| 2020-05-20 | CVE-2020-13241 | Unrestricted Upload of File with Dangerous Type vulnerability in Microweber 1.1.18 Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file. | 7.8 |
| 2020-05-19 | CVE-2020-11807 | Unrestricted Upload of File with Dangerous Type vulnerability in Sourcefabric Newscoop 4.4.7 Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by making an avatar update and then visiting the avatar file under the /images/ path. | 7.8 |
| 2020-05-18 | CVE-2020-12255 | Unrestricted Upload of File with Dangerous Type vulnerability in Rconfig 3.9.4 rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. | 8.8 |
| 2020-05-18 | CVE-2020-13128 | Unrestricted Upload of File with Dangerous Type vulnerability in Gwtupload Project Gwtupload 1.0.3 An issue was discovered in Manolo GWTUpload 1.0.3. | 7.5 |
| 2020-05-17 | CVE-2020-13126 | Unrestricted Upload of File with Dangerous Type vulnerability in Elementor Page Builder An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. | 9.9 |
| 2020-05-14 | CVE-2020-5577 | Unrestricted Upload of File with Dangerous Type vulnerability in Sixapart Movable Type Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors. | 8.8 |
| 2020-05-11 | CVE-2020-11108 | Unrestricted Upload of File with Dangerous Type vulnerability in Pi-Hole The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. | 8.8 |
| 2020-04-30 | CVE-2020-5880 | Unrestricted Upload of File with Dangerous Type vulnerability in F5 products Om BIG-IP 15.0.0-15.0.1.3 and 14.1.0-14.1.2.3, the restjavad process may expose a way for attackers to upload arbitrary files on the BIG-IP system, bypassing the authorization system. | 7.1 |