Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-02 | CVE-2019-7257 | Unrestricted Upload of File with Dangerous Type vulnerability in Nortekcontrol products Linear eMerge E3-Series devices allow Unrestricted File Upload. | 10.0 |
| 2019-07-02 | CVE-2019-7268 | Unrestricted Upload of File with Dangerous Type vulnerability in Nortekcontrol products Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. | 10.0 |
| 2019-07-02 | CVE-2019-4292 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Guardium 10.5 IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. | 8.8 |
| 2019-07-01 | CVE-2019-7274 | Unrestricted Upload of File with Dangerous Type vulnerability in Optergy Enterprise and Proton Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root. | 9.8 |
| 2019-07-01 | CVE-2019-7669 | Unrestricted Upload of File with Dangerous Type vulnerability in Primasystems Flexair 2.3.38 Prima Systems FlexAir, Versions 2.3.38 and prior. | 8.8 |
| 2019-06-30 | CVE-2019-13082 | Unrestricted Upload of File with Dangerous Type vulnerability in Chamilo LMS 1.11.8 Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. | 9.8 |
| 2019-06-20 | CVE-2019-12744 | Unrestricted Upload of File with Dangerous Type vulnerability in Seeddms SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940. | 7.5 |
| 2019-06-14 | CVE-2019-9842 | Unrestricted Upload of File with Dangerous Type vulnerability in Miniblog Project Miniblog madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in app_code/handlers/PostHandler.cs writes a decoded base64 string to a file without validating the extension. | 7.2 |
| 2019-06-13 | CVE-2019-10959 | Unrestricted Upload of File with Dangerous Type vulnerability in BD products BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does not impact the latest firmware Versions 1.3.2 and 1.6.1, Additionally, the following products using software Version 2.3.6 and below, Alaris GS, Alaris GH, Alaris CC, Alaris TIVA, The application does not restrict the upload of malicious files during a firmware update. | 10.0 |
| 2019-06-12 | CVE-2019-7838 | Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Coldfusion 11.0/2016/2018 ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. | 9.8 |