Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-06-02 | CVE-2017-9364 | Unrestricted Upload of File with Dangerous Type vulnerability in Bigtreecms Bigtree CMS | Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code. | 7.5 |
2017-05-23 | CVE-2015-4455 | Unrestricted Upload of File with Dangerous Type vulnerability in Aviary Image Editor Add-On FOR Gravity Forms Project Aviary Image Editor Add-On for Gravity Forms 3.0 | Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary. | 7.5 |
2017-05-21 | CVE-2017-9101 | Unrestricted Upload of File with Dangerous Type vulnerability in Playsms 1.4 | import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file. | 7.5 |
2017-05-19 | CVE-2017-9080 | Unrestricted Upload of File with Dangerous Type vulnerability in Playsms 1.4 | PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. | 6.5 |
2017-05-19 | CVE-2017-6027 | Unrestricted Upload of File with Dangerous Type vulnerability in Codesys web Server | An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. | 7.5 |
2017-05-18 | CVE-2017-9069 | Unrestricted Upload of File with Dangerous Type vulnerability in Modx Revolution | In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess. | 6.5 |
2017-05-05 | CVE-2017-8080 | Unrestricted Upload of File with Dangerous Type vulnerability in Atlassian Hipchat Server | Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. | 6.5 |
2017-04-25 | CVE-2017-7989 | Unrestricted Upload of File with Dangerous Type vulnerability in Joomla Joomla! | In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden. | 4.0 |
2017-04-14 | CVE-2017-7357 | Unrestricted Upload of File with Dangerous Type vulnerability in Atlassian Hipchat Server | Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file. | 6.5 |
2017-04-14 | CVE-2016-1713 | Unrestricted Upload of File with Dangerous Type vulnerability in Vtiger CRM 6.4.0 | Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. | 8.5 |