Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-23 | CVE-2017-11357 | Unrestricted Upload of File with Dangerous Type vulnerability in Telerik UI for Asp.Net Ajax Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. | 9.8 |
| 2017-08-11 | CVE-2017-3108 | Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Experience Manager Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. | 7.5 |
| 2017-08-08 | CVE-2017-11154 | Unrestricted Upload of File with Dangerous Type vulnerability in Synology Photo Station Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter. | 6.5 |
| 2017-08-08 | CVE-2017-12678 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. | 6.8 |
| 2017-08-07 | CVE-2015-7571 | Unrestricted Upload of File with Dangerous Type vulnerability in Yeager CMS 1.2.1 Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | 6.8 |
| 2017-07-30 | CVE-2017-11756 | Unrestricted Upload of File with Dangerous Type vulnerability in Earcms EAR Music In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user.php/music/add/ to upload the code. | 6.0 |
| 2017-07-25 | CVE-2015-4463 | Unrestricted Upload of File with Dangerous Type vulnerability in Efrontlearning Efront The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL. | 4.0 |
| 2017-07-25 | CVE-2015-4462 | Unrestricted Upload of File with Dangerous Type vulnerability in Efrontlearning Efront Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from url" field in the file manager for professor.php. | 4.0 |
| 2017-07-24 | CVE-2017-11326 | Unrestricted Upload of File with Dangerous Type vulnerability in Tilde CMS Project Tilde CMS 1.0.1 An issue was discovered in Tilde CMS 1.0.1. | 5.0 |
| 2017-07-20 | CVE-2017-11466 | Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms 4.1.1 Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_upload. | 9.0 |