Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2019-04-27 CVE-2019-11568 Unrestricted Upload of File with Dangerous Type vulnerability in Aikcms 2.0
An issue was discovered in AikCms v2.0.
network | low complexity | aikcms CWE-434 | 8.8
2019-04-24 CVE-2019-8992 Unrestricted Upload of File with Dangerous Type vulnerability in Tibco products
The administrative server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability wherein a user without privileges to upload distributed application archives ("Upload DAA" permission) can theoretically upload arbitrary code, and in some circumstances then execute that code on ActiveMatrix Service Grid nodes.
network | low complexity | tibco CWE-434 | 8.8
2019-04-24 CVE-2019-9951 Unrestricted Upload of File with Dangerous Type vulnerability in Western Digital products
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability.
network | low complexity | western-digital CWE-434 | critical | 9.8
2019-04-22 CVE-2019-11447 Unrestricted Upload of File with Dangerous Type vulnerability in Cutephp Cutenews 2.1.2
An issue was discovered in CutePHP CuteNews 2.1.2.
network | low complexity | cutephp CWE-434 | 8.8
2019-04-22 CVE-2019-11446 Unrestricted Upload of File with Dangerous Type vulnerability in Atutor
An issue was discovered in ATutor through 2.2.4.
network | low complexity | atutor CWE-434 | 8.8
2019-04-22 CVE-2019-11445 Unrestricted Upload of File with Dangerous Type vulnerability in Openkm
OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp.
network | low complexity | openkm CWE-434 | 7.2
2019-04-22 CVE-2019-11401 Unrestricted Upload of File with Dangerous Type vulnerability in Siteserver CMS 6.9.0
An issue was discovered in SiteServer CMS 6.9.0.
network | low complexity | siteserver CWE-434 | 7.2
2019-04-20 CVE-2019-11377 Unrestricted Upload of File with Dangerous Type vulnerability in Wcms 0.3.2
wcms/wex/finder/action.php in WCMS v0.3.2 has an Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function.
network | low complexity | wcms CWE-434 | 8.8
2019-04-19 CVE-2019-11344 Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.8
data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked.
network | low complexity | pluck-cms CWE-434 | critical | 9.8
2019-04-18 CVE-2019-11223 Unrestricted Upload of File with Dangerous Type vulnerability in Supportcandy
An Unrestricted File Upload Vulnerability in the SupportCandy plugin through 2.0.0 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
network | low complexity | supportcandy CWE-434 | critical | 9.8