Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-28 | CVE-2017-14841 | Unrestricted Upload of File with Dangerous Type vulnerability in Dasinfomedia Annual Maintenance Contract Management System Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling. | 6.5 |
| 2017-09-28 | CVE-2017-14840 | Unrestricted Upload of File with Dangerous Type vulnerability in Teamworktec Ticketplus TeamWork TicketPlus allows Arbitrary File Upload in updateProfile. | 8.8 |
| 2017-09-28 | CVE-2017-14839 | Unrestricted Upload of File with Dangerous Type vulnerability in Teamworktec Photo Fusion TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover. | 8.8 |
| 2017-09-28 | CVE-2017-14838 | Unrestricted Upload of File with Dangerous Type vulnerability in Teamworktec JOB Links TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange. | 8.8 |
| 2017-09-28 | CVE-2015-8249 | Unrestricted Upload of File with Dangerous Type vulnerability in Manageengine Desktop Central 9.0 The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter. | 9.8 |
| 2017-09-26 | CVE-2017-14704 | Unrestricted Upload of File with Dangerous Type vulnerability in Claydip Airbnb Clone 1.0 Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile. | 8.8 |
| 2017-09-22 | CVE-2017-14079 | Unrestricted Upload of File with Dangerous Type vulnerability in Trendmicro Mobile Security 9.7 Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | 8.8 |
| 2017-09-21 | CVE-2017-12929 | Unrestricted Upload of File with Dangerous Type vulnerability in Tecnovision DLX Spot Player4 Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. | 8.8 |
| 2017-09-19 | CVE-2014-9619 | Unrestricted Upload of File with Dangerous Type vulnerability in Netsweeper Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file with a double extension, then accessing it via a direct request to the file in webadmin/deny/images/, as demonstrated by secuid0.php.gif. | 7.2 |
| 2017-09-19 | CVE-2017-12615 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. | 8.1 |