Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2018-08-23 CVE-2018-3832 Unrestricted Upload of File with Dangerous Type vulnerability in Insteon HUB 2245-222 Firmware 1013
An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013.
network; low complexity; insteon; CWE-434; risk: critical 9.0
2018-08-20 CVE-2018-1000646 Unrestricted Upload of File with Dangerous Type vulnerability in Librehealth EHR 2.0.0
LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in files with malicious content being written and may lead to remote code execution.
network; low complexity; librehealth; CWE-434; risk: 8.8
2018-08-20 CVE-2018-15573 Unrestricted Upload of File with Dangerous Type vulnerability in Reprisesoftware Reprise License Manager
An issue was discovered in Reprise License Manager (RLM) through 12.2BL2.
network; low complexity; reprisesoftware; CWE-434; risk: 8.8
2018-08-16 CVE-2018-12256 Unrestricted Upload of File with Dangerous Type vulnerability in Litecart
admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqmods request.
network; low complexity; litecart; CWE-434; risk: 8.8
2018-08-13 CVE-2018-15139 Unrestricted Upload of File with Dangerous Type vulnerability in Open-Emr Openemr
Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory.
network; low complexity; open-emr; CWE-434; risk: 8.8
2018-08-10 CVE-2018-14028 Unrestricted Upload of File with Dangerous Type vulnerability in Wordpress 4.9.7
In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files.
network; low complexity; wordpress; CWE-434; risk: 7.2
2018-08-08 CVE-2018-15137 Unrestricted Upload of File with Dangerous Type vulnerability in Cela Link Clr-M20 Firmware 2.7.1.6
CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well.
network; low complexity; cela-link; CWE-434; risk: critical 9.8
2018-08-06 CVE-2018-14857 Unrestricted Upload of File with Dangerous Type vulnerability in Ocsinventory-Ng OCS Inventory Server
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.
network; low complexity; ocsinventory-ng; CWE-434; risk: 8.8
2018-08-03 CVE-2018-14911 Unrestricted Upload of File with Dangerous Type vulnerability in Ukcms
A file upload vulnerability exists in ukcms v1.1.7 and earlier.
network; low complexity; ukcms; CWE-434; risk: 7.2
2018-08-01 CVE-2018-12468 Unrestricted Upload of File with Dangerous Type vulnerability in Microfocus Groupwise 18/18.0.1
A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server.
network; low complexity; microfocus; CWE-434; risk: 7.2