Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-03 | CVE-2019-12548 | Unrestricted Upload of File with Dangerous Type vulnerability in Bludit. Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo. | 8.8 |
2019-06-03 | CVE-2019-11185 | Unrestricted Upload of File with Dangerous Type vulnerability in 3CX Live Chat. The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. | 9.8 |
2019-06-03 | CVE-2019-12377 | Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Landesk Management Suite 10.0.1.168. A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution. | 9.8 |
2019-05-24 | CVE-2019-7816 | Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Coldfusion 11.0/2016/2018. ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. | 9.8 |
2019-05-24 | CVE-2016-10758 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPkit 1.6.6. PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter. | 8.8 |
2019-05-24 | CVE-2016-10752 | Unrestricted Upload of File with Dangerous Type vulnerability in S9Y Serendipity 2.0.3. serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename. | 9.8 |
2019-05-24 | CVE-2016-10751 | Unrestricted Upload of File with Dangerous Type vulnerability in Osclass 3.6.1. osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. | 7.2 |
2019-05-24 | CVE-2018-19612 | Unrestricted Upload of File with Dangerous Type vulnerability in Westermo Dr-250 Firmware, Dr-260 Firmware and Mr-260 Firmware. The /uploadfile? functionality in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allows remote users to upload malicious file types and execute ASP code. | 8.8 |
2019-05-24 | CVE-2019-12150 | Unrestricted Upload of File with Dangerous Type vulnerability in Karamasoft Ultimateeditor 1.0. Karamasoft UltimateEditor 1 does not ensure that an uploaded file is an image or document (neither file types nor extensions are restricted). | 9.8 |
2019-05-23 | CVE-2017-11561 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Opmanager 12.2. An issue was discovered in ZOHO ManageEngine OpManager 12.2. | 6.5 |