Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-03 | CVE-2018-17553 | Unrestricted Upload of File with Dangerous Type vulnerability in Naviwebs Navigate CMS 2.8 An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php. | 8.8 |
| 2018-09-28 | CVE-2018-17573 | Unrestricted Upload of File with Dangerous Type vulnerability in Smartlogix Wp-Insert The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and fckeditor/editor/filemanager/connectors/uploadtest.html. | 9.8 |
| 2018-09-28 | CVE-2018-17055 | Unrestricted Upload of File with Dangerous Type vulnerability in Progress Sitefinity An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads. | 7.5 |
| 2018-09-25 | CVE-2018-15961 | Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Coldfusion 11.0/2016/2018 Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. | 9.8 |
| 2018-09-21 | CVE-2018-16821 | Unrestricted Upload of File with Dangerous Type vulnerability in Seacms 6.64 SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests. | 5.3 |
| 2018-09-17 | CVE-2018-17139 | Unrestricted Upload of File with Dangerous Type vulnerability in Ultimatefosters Ultimatepos 2.5 UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type. | 8.8 |
| 2018-09-14 | CVE-2018-16287 | Unrestricted Upload of File with Dangerous Type vulnerability in LG Supersign CMS LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. | 9.8 |
| 2018-09-13 | CVE-2018-16796 | Unrestricted Upload of File with Dangerous Type vulnerability in Hiscout GRC Suite 3.1.3.12 HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files with Dangerous Types. | 8.8 |
| 2018-09-12 | CVE-2018-16974 | Unrestricted Upload of File with Dangerous Type vulnerability in Elefantcms Elefant An issue was discovered in Elefant CMS before 2.0.7. | 9.8 |
| 2018-09-12 | CVE-2018-16388 | Unrestricted Upload of File with Dangerous Type vulnerability in E107 2.1.8 e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type. | 7.2 |