Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2017-11-25 CVE-2017-16941 Unrestricted Upload of File with Dangerous Type vulnerability in Octobercms October
October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a .htaccess file.
network
low complexity
octobercms CWE-434
8.8
2017-11-22 CVE-2017-2737 Unrestricted Upload of File with Dangerous Type vulnerability in Huawei Vcm5010 Firmware V100R001C10B010
VCM5010 with software versions before V100R002C50SPC100 has an arbitrary file upload vulnerability.
network
low complexity
huawei CWE-434
8.8
2017-11-22 CVE-2017-2699 Unrestricted Upload of File with Dangerous Type vulnerability in Huawei Honor 7 Firmware, Lyo-L21 Firmware and Mate S Firmware
The Huawei Themes APP in versions earlier than PLK-UL00C17B385, versions earlier than CRR-L09C432B380, versions earlier than LYO-L21C577B128 has a privilege elevation vulnerability.
local
low complexity
huawei CWE-434
7.8
2017-11-22 CVE-2017-8862 Unrestricted Upload of File with Dangerous Type vulnerability in Cohuhd 3960Hd Firmware
The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "root" privileges.
network
low complexity
cohuhd CWE-434
critical
9.8
2017-11-17 CVE-2017-1000238 Unrestricted Upload of File with Dangerous Type vulnerability in Invoiceplane 1.4.10
InvoicePlane version 1.4.10 is vulnerable to an Arbitrary File Upload, through which an authenticated user can upload a malicious file to the webserver.
network
low complexity
invoiceplane CWE-434
8.8
2017-11-17 CVE-2017-1000194 Unrestricted Upload of File with Dangerous Type vulnerability in Octobercms October
October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.
network
low complexity
octobercms CWE-434
critical
9.8
2017-11-06 CVE-2017-16524 Unrestricted Upload of File with Dangerous Type vulnerability in Hanwhasecurity web Viewer 1.0.0.193
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory.
network
low complexity
hanwhasecurity CWE-434
8.8
2017-10-31 CVE-2017-10940 Unrestricted Upload of File with Dangerous Type vulnerability in Joyent Triton Datacenter
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to [email protected] (e469cf49-4de3-4658-8419-ab42837916ad).
network
low complexity
joyent CWE-434
8.8
2017-10-31 CVE-2017-15990 Unrestricted Upload of File with Dangerous Type vulnerability in Savsofteproducts PHPinventory
Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/.
network
low complexity
savsofteproducts CWE-434
critical
9.8
2017-10-29 CVE-2017-15962 Unrestricted Upload of File with Dangerous Type vulnerability in Istock Management System Project Istock Management System 1.0
iStock Management System 1.0 allows Arbitrary File Upload via user/profile.
network
low complexity
istock-management-system-project CWE-434
critical
9.8