Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-08 | CVE-2018-21024 | Unrestricted Upload of File with Dangerous Type vulnerability in Centreon licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request. | 9.8 |
| 2019-10-08 | CVE-2019-17352 | Unrestricted Upload of File with Dangerous Type vulnerability in Jfinal In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. | 7.5 |
| 2019-10-08 | CVE-2019-14657 | Unrestricted Upload of File with Dangerous Type vulnerability in Yeahlink T49G Firmware, T58V Firmware and Vp59 Firmware Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. | 8.8 |
| 2019-10-08 | CVE-2019-14656 | Unrestricted Upload of File with Dangerous Type vulnerability in Yeahlink T49G Firmware, T58V Firmware and Vp59 Firmware Yealink phones through 2019-08-04 do not properly check user roles in POST requests. | 8.8 |
| 2019-10-07 | CVE-2019-15751 | Unrestricted Upload of File with Dangerous Type vulnerability in Sitos SIX 6.2.1 An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. | 9.8 |
| 2019-10-07 | CVE-2019-15748 | Unrestricted Upload of File with Dangerous Type vulnerability in Sitos SIX 6.2.1 SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. | 9.8 |
| 2019-10-04 | CVE-2019-17188 | Unrestricted Upload of File with Dangerous Type vulnerability in Fecmall 2.3.4 An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. | 7.2 |
| 2019-10-04 | CVE-2019-11655 | Unrestricted Upload of File with Dangerous Type vulnerability in HP Arcsight Logger Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. | 8.8 |
| 2019-10-03 | CVE-2019-15766 | Unrestricted Upload of File with Dangerous Type vulnerability in Kslabs Ksweb 3.93 The KSLABS KSWEB (aka ru.kslabs.ksweb) application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to (and the config_text parameter set to the content of the file to be created). | 8.8 |
| 2019-09-30 | CVE-2019-17046 | Unrestricted Upload of File with Dangerous Type vulnerability in Ilch CMS 2.1.22 Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page. | 7.2 |