Vulnerabilities > Unrestricted Upload of File with Dangerous Type

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2018-04-27 | CVE-2018-10521 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple | In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory. | network; low complexity; cmsmadesimple; CWE-434; 2.7 |
| 2018-04-27 | CVE-2018-10469 | Unrestricted Upload of File with Dangerous Type vulnerability in B3Log Symphony 2.6.0 | b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI. | network; low complexity; b3log; CWE-434; critical; 9.8 |
| 2018-04-25 | CVE-2018-10375 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7 | A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by attackers to upload and execute arbitrary PHP code via the /dede/archives_do.php?dopost=uploadLitpic litpic parameter when "Content-Type: image/jpeg" is sent, but the filename ends in .php and contains PHP code. | network; low complexity; dedecms; CWE-434; critical; 9.8 |
| 2018-04-20 | CVE-2018-10173 | Unrestricted Upload of File with Dangerous Type vulnerability in Digitalguardian Management Console 7.1.2.0015 | Digital Guardian Management Console 7.1.2.0015 allows authenticated remote code execution because of Arbitrary File Upload functionality. | network; low complexity; digitalguardian; CWE-434; 8.8 |
| 2018-04-16 | CVE-2018-9153 | Unrestricted Upload of File with Dangerous Type vulnerability in Zblogcn Z-Blogphp 1.5.1 | The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. | network; low complexity; zblogcn; CWE-434; 7.2 |
| 2018-04-11 | CVE-2016-10258 | Unrestricted Upload of File with Dangerous Type vulnerability in Broadcom Advanced Secure Gateway and Symantec Proxysg | Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. | network; low complexity; broadcom; CWE-434; 6.8 |
| 2018-04-10 | CVE-2018-9037 | Unrestricted Upload of File with Dangerous Type vulnerability in Monstra 3.0.4 | Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file, which is automatically extracted and may contain .php files. | network; low complexity; monstra; CWE-434; 8.8 |
| 2018-04-10 | CVE-2018-2404 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Disclosure Management 10.1 | SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation. | network; low complexity; sap; CWE-434; critical; 9.8 |
| 2018-04-01 | CVE-2018-9157 | Unrestricted Upload of File with Dangerous Type vulnerability in Axis M1033-W Firmware 5.40.5.1 | An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. | network; high complexity; axis; CWE-434; 7.5 |
| 2018-04-01 | CVE-2018-9156 | Unrestricted Upload of File with Dangerous Type vulnerability in Axis P1354 Firmware 5.90.1.1 | An issue was discovered on AXIS P1354 (IP camera) Firmware version 5.90.1.1 devices. | network; high complexity; axis; CWE-434; 7.5 |