Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2017-03-20 CVE-2016-8973 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Rational Rhapsody Design Manager
IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server.
network
low complexity
ibm CWE-434
4.3
2017-03-17 CVE-2015-3884 Unrestricted Upload of File with Dangerous Type vulnerability in Qdpm 8.3/9.0/9.1
Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/.
network
low complexity
qdpm CWE-434
8.8
2017-02-07 CVE-2016-6104 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security KEY Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system.
network
low complexity
ibm CWE-434
7.2
2017-02-01 CVE-2016-8921 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Filenet Workplace XT 1.1.5
IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
network
low complexity
ibm CWE-434
8.8
2017-02-01 CVE-2016-6124 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Kenexa LMS on Cloud
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
network
low complexity
ibm CWE-434
8.8
2017-01-17 CVE-2017-5520 Unrestricted Upload of File with Dangerous Type vulnerability in Metalgenix Genixcms
The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions.
network
low complexity
metalgenix CWE-434
8.8
2017-01-04 CVE-2016-7902 Unrestricted Upload of File with Dangerous Type vulnerability in Dotclear
Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstrated by .php.txt or .php%20.
network
low complexity
dotclear CWE-434
8.8
2016-11-10 CVE-2016-9268 Unrestricted Upload of File with Dangerous Type vulnerability in Dotclear
Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with an zip extension, and then accessing it via unspecified vectors.
network
low complexity
dotclear CWE-434
7.2
2016-11-04 CVE-2016-9187 Unrestricted Upload of File with Dangerous Type vulnerability in Moodle
Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.
network
low complexity
moodle CWE-434
8.8
2016-11-04 CVE-2016-9186 Unrestricted Upload of File with Dangerous Type vulnerability in Moodle
Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.
network
low complexity
moodle CWE-434
8.8