Vulnerabilities > Unrestricted Upload of File with Dangerous Type

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-05-26 | CVE-2018-11494 | Unrestricted Upload of File with Dangerous Type vulnerability in Opencart | The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing 10 random digits) via a directory traversal attack involving language_info['code']. | network | high | opencart | CWE-434 | 8.0 |
| 2018-05-23 | CVE-2018-10648 | Unrestricted Upload of File with Dangerous Type vulnerability in Citrix Xenmobile Server 10.7/10.8 | There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | network | low | citrix | CWE-434 | critical 9.8 |
| 2018-05-22 | CVE-2017-2617 | Unrestricted Upload of File with Dangerous Type vulnerability in Hawt.Io Hawtio | hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. | local | low | hawt-io | CWE-434 | 7.8 |
| 2018-05-22 | CVE-2018-11322 | Unrestricted Upload of File with Dangerous Type vulnerability in Joomla Joomla! | An issue was discovered in Joomla! Core before 3.8.8. | network | high | joomla | CWE-434 | 7.5 |
| 2018-05-22 | CVE-2018-11345 | Unrestricted Upload of File with Dangerous Type vulnerability in Asustor As6202T Firmware Adm3.1.0.Rfq3 | An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. | network | low | asustor | CWE-434 | 8.8 |
| 2018-05-22 | CVE-2018-11340 | Unrestricted Upload of File with Dangerous Type vulnerability in Asustor As6202T Firmware Adm3.1.0.Rfq3 | An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. | network | low | asustor | CWE-434 | 7.2 |
| 2018-05-21 | CVE-2018-11331 | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck | An issue was discovered in Pluck before 4.7.6. | network | low | pluck-cms | CWE-434 | critical 9.8 |
| 2018-05-19 | CVE-2018-4921 | Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Connect | Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. | network | low | adobe | CWE-434 | 6.1 |
| 2018-05-16 | CVE-2018-10760 | Unrestricted Upload of File with Dangerous Type vulnerability in Projectpier | Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the tmp directory under the document root. | network | low | projectpier | CWE-434 | 8.8 |
| 2018-05-15 | CVE-2018-7505 | Unrestricted Upload of File with Dangerous Type vulnerability in Advantech products | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code. | network | low | advantech | CWE-434 | critical 9.8 |