Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-19 | CVE-2019-8933 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7 In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on New Template, and modifying the filename from ../index.html to ../index.php. | 8.8 |
| 2019-02-18 | CVE-2019-8433 | Unrestricted Upload of File with Dangerous Type vulnerability in Jtbc PHP 3.0.1.8 JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file. | 7.5 |
| 2019-02-17 | CVE-2019-8394 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. | 6.5 |
| 2019-02-16 | CVE-2019-8362 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.5/5.6/5.7 DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because input validation only checks that .jpg, .png, or .gif is present as a substring, and does not otherwise check the file name or content). | 7.5 |
| 2019-02-15 | CVE-2019-0259 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects 4.2/4.3 SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation. | 9.8 |
| 2019-02-11 | CVE-2019-7721 | Unrestricted Upload of File with Dangerous Type vulnerability in Nconsulting Nc-Cms 3.5 lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters. | 7.5 |
| 2019-02-09 | CVE-2019-7684 | Unrestricted Upload of File with Dangerous Type vulnerability in Inxedu 2.0.6/20181224 inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. | 9.8 |
| 2019-02-07 | CVE-2019-6139 | Unrestricted Upload of File with Dangerous Type vulnerability in Forcepoint User ID 1.1/1.2 Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbitrary file upload vulnerability on TCP port 5001. | 9.8 |
| 2019-01-15 | CVE-2019-0017 | Unrestricted Upload of File with Dangerous Type vulnerability in Juniper Junos Space The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. | 8.8 |
| 2019-01-14 | CVE-2018-1969 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Identity Manager IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. | 9.9 |