Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-25 | CVE-2015-4463 | Unrestricted Upload of File with Dangerous Type vulnerability in Efrontlearning Efront The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL. | 4.0 |
| 2017-07-25 | CVE-2015-4462 | Unrestricted Upload of File with Dangerous Type vulnerability in Efrontlearning Efront Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from url" field in the file manager for professor.php. | 4.0 |
| 2017-07-24 | CVE-2017-11326 | Unrestricted Upload of File with Dangerous Type vulnerability in Tilde CMS Project Tilde CMS 1.0.1 An issue was discovered in Tilde CMS 1.0.1. | 5.0 |
| 2017-07-20 | CVE-2017-11466 | Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms 4.1.1 Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_upload. | 9.0 |
| 2017-07-18 | CVE-2017-11405 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.2 In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file. | 4.0 |
| 2017-07-18 | CVE-2017-11404 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.2 In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php. | 4.0 |
| 2017-07-17 | CVE-2017-1000081 | Unrestricted Upload of File with Dangerous Type vulnerability in Onosproject Onos 1.8.0/1.9.0 Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution. | 7.5 |
| 2017-06-30 | CVE-2017-6041 | Unrestricted Upload of File with Dangerous Type vulnerability in Marel products An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. | 7.5 |
| 2017-06-25 | CVE-2017-9840 | Unrestricted Upload of File with Dangerous Type vulnerability in Dolibarr Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application. | 6.5 |
| 2017-06-21 | CVE-2017-4990 | Unrestricted Upload of File with Dangerous Type vulnerability in EMC Avamar Server In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system. | 7.5 |