Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-24 | CVE-2016-10758 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPkit 1.6.6 PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter. | 8.8 |
| 2019-05-24 | CVE-2016-10752 | Unrestricted Upload of File with Dangerous Type vulnerability in S9Y Serendipity 2.0.3 serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename. | 9.8 |
| 2019-05-24 | CVE-2016-10751 | Unrestricted Upload of File with Dangerous Type vulnerability in Osclass 3.6.1 osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. | 7.2 |
| 2019-05-24 | CVE-2018-19612 | Unrestricted Upload of File with Dangerous Type vulnerability in Westermo Dr-250 Firmware, Dr-260 Firmware and Mr-260 Firmware The /uploadfile? functionality in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allows remote users to upload malicious file types and execute ASP code. | 8.8 |
| 2019-05-24 | CVE-2019-12150 | Unrestricted Upload of File with Dangerous Type vulnerability in Karamasoft Ultimateeditor 1.0 Karamasoft UltimateEditor 1 does not ensure that an uploaded file is an image or document (neither file types nor extensions are restricted). | 9.8 |
| 2019-05-23 | CVE-2017-11561 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Opmanager 12.2 An issue was discovered in ZOHO ManageEngine OpManager 12.2. | 6.5 |
| 2019-05-21 | CVE-2019-6513 | Unrestricted Upload of File with Dangerous Type vulnerability in Wso2 API Manager 2.6.0 An issue was discovered in WSO2 API Manager 2.6.0. | 5.4 |
| 2019-05-20 | CVE-2019-12185 | Unrestricted Upload of File with Dangerous Type vulnerability in Elabftw 1.8.5 eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. | 8.8 |
| 2019-05-17 | CVE-2019-12170 | Unrestricted Upload of File with Dangerous Type vulnerability in Atutor ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. | 8.8 |
| 2019-05-17 | CVE-2019-11887 | Unrestricted Upload of File with Dangerous Type vulnerability in Simplybook 20190423/20190511 SimplyBook.me through 2019-05-11 does not properly restrict File Upload which could allow remote code execution. | 9.8 |