Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-18 | CVE-2019-15843 | Unrestricted Upload of File with Dangerous Type vulnerability in MI Xiaomi Millet Firmware 16.3.9.3 A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. | 7.4 |
| 2019-09-18 | CVE-2016-10995 | Unrestricted Upload of File with Dangerous Type vulnerability in Templatic Telvolution The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via single_upload.php or single-upload.php. | 9.8 |
| 2019-09-17 | CVE-2019-6839 | Unrestricted Upload of File with Dangerous Type vulnerability in Schneider-Electric products A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow a user with low privileges to upload a rogue file. | 8.8 |
| 2019-09-17 | CVE-2019-15131 | Unrestricted Upload of File with Dangerous Type vulnerability in Code42 In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. | 9.8 |
| 2019-09-16 | CVE-2019-8371 | Unrestricted Upload of File with Dangerous Type vulnerability in Open-Emr Openemr 5.0.16 OpenEMR v5.0.1-6 allows code execution. | 7.2 |
| 2019-09-16 | CVE-2016-10959 | Unrestricted Upload of File with Dangerous Type vulnerability in Estatik The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php. | 6.5 |
| 2019-09-16 | CVE-2016-10958 | Unrestricted Upload of File with Dangerous Type vulnerability in Estatik The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php. | 7.5 |
| 2019-09-14 | CVE-2019-16318 | Unrestricted Upload of File with Dangerous Type vulnerability in Pimcore In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317. | 8.8 |
| 2019-09-13 | CVE-2016-10955 | Unrestricted Upload of File with Dangerous Type vulnerability in Cysteme Cysteme-Finder The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking. | 9.8 |
| 2019-09-13 | CVE-2016-10954 | Unrestricted Upload of File with Dangerous Type vulnerability in Dynamicpress Neosense The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload. | 9.8 |