Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-22 | CVE-2019-12326 | Unrestricted Upload of File with Dangerous Type vulnerability in Akuvox Sp-R50P Firmware 50.0.6.156: Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.6.156 allows an attacker to upload a manipulated ringtone file, with an executable payload (shell commands within the file) and trigger code execution. | 9.8 |
2019-07-19 | CVE-2019-13984 | Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus 7 API: Directus 7 API before 2.3.0 does not validate uploaded files. | 8.8 |
2019-07-19 | CVE-2019-13980 | Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus 7 API: In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx. | 8.8 |
2019-07-19 | CVE-2019-13979 | Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus 7 API: In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution. | 8.8 |
2019-07-19 | CVE-2019-13973 | Unrestricted Upload of File with Dangerous Type vulnerability in Layerbb 1.1.3: LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used. | 9.8 |
2019-07-16 | CVE-2019-13359 | Unrestricted Upload of File with Dangerous Type vulnerability in Control-Webpanel Webpanel 0.9.8.836: In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user. | 7.5 |
2019-07-16 | CVE-2019-1010062 | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluckcms: PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. | 9.8 |
2019-07-11 | CVE-2019-10935 | Unrestricted Upload of File with Dangerous Type vulnerability in Siemens Simatic PCS 7, Simatic Wincc and Simatic Wincc Runtime: A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC Professional (TIA Portal V13) (All versions), SIMATIC WinCC Professional (TIA Portal V14) (All versions < V14 SP1 Upd 9), SIMATIC WinCC Professional (TIA Portal V15) (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). | 7.2 |
2019-07-11 | CVE-2019-10930 | Unrestricted Upload of File with Dangerous Type vulnerability in Siemens products: A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). | 7.5 |
2019-07-10 | CVE-2019-12803 | Unrestricted Upload of File with Dangerous Type vulnerability in Hunesion I-Onenet: In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. | 9.8 |