Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-31 | CVE-2019-3960 | Unrestricted Upload of File with Dangerous Type vulnerability in Wallaceit Wallacepos 1.4.3 Unrestricted upload of file with dangerous type in WallacePOS 1.4.3 allows a remote, authenticated attacker to execute arbitrary code by uploading a malicious PHP file. | 7.2 |
| 2019-07-29 | CVE-2015-5601 | Unrestricted Upload of File with Dangerous Type vulnerability in EDX Edx-Platform edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files. | 8.8 |
| 2019-07-26 | CVE-2019-10267 | Unrestricted Upload of File with Dangerous Type vulnerability in Ahsay Cloud Backup Suite An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. | 8.8 |
| 2019-07-23 | CVE-2019-1010209 | Unrestricted Upload of File with Dangerous Type vulnerability in Gorul Gourl GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE-434. | 7.5 |
| 2019-07-23 | CVE-2019-1010123 | Unrestricted Upload of File with Dangerous Type vulnerability in Modx Revolution MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. | 7.5 |
| 2019-07-22 | CVE-2019-12326 | Unrestricted Upload of File with Dangerous Type vulnerability in Akuvox Sp-R50P Firmware 50.0.6.156 Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.6.156 allows an attacker to upload a manipulated ringtone file, with an executable payload (shell commands within the file) and trigger code execution. | 9.8 |
| 2019-07-19 | CVE-2019-13984 | Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus 7 API Directus 7 API before 2.3.0 does not validate uploaded files. | 8.8 |
| 2019-07-19 | CVE-2019-13980 | Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus 7 API In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx. | 8.8 |
| 2019-07-19 | CVE-2019-13979 | Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus 7 API In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution. | 8.8 |
| 2019-07-19 | CVE-2019-13973 | Unrestricted Upload of File with Dangerous Type vulnerability in Layerbb 1.1.3 LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used. | 9.8 |