Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2017-06-02 CVE-2017-9364 Unrestricted Upload of File with Dangerous Type vulnerability in Bigtreecms Bigtree CMS
Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code.
network | low complexity | bigtreecms | CWE-434 | Risk: 7.5
2017-05-23 CVE-2015-4455 Unrestricted Upload of File with Dangerous Type vulnerability in Aviary Image Editor Add-On for Gravity Forms Project Aviary Image Editor Add-On for Gravity Forms 3.0
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary.
Risk: 7.5
2017-05-21 CVE-2017-9101 Unrestricted Upload of File with Dangerous Type vulnerability in PlaySMS 1.4
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file.
network | low complexity | playsms | CWE-434 | Risk: 7.5
2017-05-19 CVE-2017-9080 Unrestricted Upload of File with Dangerous Type vulnerability in PlaySMS 1.4
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed.
network | low complexity | playsms | CWE-434 | Risk: 6.5
2017-05-19 CVE-2017-6027 Unrestricted Upload of File with Dangerous Type vulnerability in Codesys Web Server
An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server.
network | low complexity | codesys | CWE-434 | Risk: 7.5
2017-05-18 CVE-2017-9069 Unrestricted Upload of File with Dangerous Type vulnerability in MODX Revolution
In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess.
network | low complexity | modx | CWE-434 | Risk: 6.5
2017-05-05 CVE-2017-8080 Unrestricted Upload of File with Dangerous Type vulnerability in Atlassian Hipchat Server
Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads.
network | low complexity | atlassian | CWE-434 | Risk: 6.5
2017-04-25 CVE-2017-7989 Unrestricted Upload of File with Dangerous Type vulnerability in Joomla Joomla!
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.
network | low complexity | joomla | CWE-434 | Risk: 4.0
2017-04-14 CVE-2017-7357 Unrestricted Upload of File with Dangerous Type vulnerability in Atlassian Hipchat Server
Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file.
network | low complexity | atlassian | CWE-434 | Risk: 6.5
2017-04-14 CVE-2016-1713 Unrestricted Upload of File with Dangerous Type vulnerability in Vtiger CRM 6.4.0
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/.
network | vtiger | CWE-434 | Risk: 8.5