Vulnerabilities: Unrestricted Upload of File with Dangerous Type

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2018-05-29 | CVE-2018-11392 | Unrestricted Upload of File with Dangerous Type vulnerability in Jigowatt PHP Login & User Management 3.2.1/4.0/4.1.0 | An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user to upload .php files to the web server via a profile avatar field. | network | low | jigowatt | CWE-434 | 8.8 |
| 2018-05-29 | CVE-2018-11523 | Unrestricted Upload of File with Dangerous Type vulnerability in Nuuo Nvrmini 2 Firmware 3.6.5 | upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files. | network | low | nuuo | CWE-434 | critical 9.8 |
| 2018-05-28 | CVE-2018-11514 | Unrestricted Upload of File with Dangerous Type vulnerability in Naukri Clone Script Project Naukri Clone Script 3.0.3 | PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php. | network | low | naukri-clone-script-project | CWE-434 | 8.8 |
| 2018-05-26 | CVE-2018-6411 | Unrestricted Upload of File with Dangerous Type vulnerability in Machform 4.2.3 | An issue was discovered in Appnitro MachForm before 4.2.3. | network | low | machform | CWE-434 | critical 9.8 |
| 2018-05-26 | CVE-2018-11494 | Unrestricted Upload of File with Dangerous Type vulnerability in Opencart | The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing 10 random digits) via a directory traversal attack involving language_info['code']. | network | high | opencart | CWE-434 | 8.0 |
| 2018-05-23 | CVE-2018-10648 | Unrestricted Upload of File with Dangerous Type vulnerability in Citrix Xenmobile Server 10.7/10.8 | There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | network | low | citrix | CWE-434 | critical 9.8 |
| 2018-05-22 | CVE-2017-2617 | Unrestricted Upload of File with Dangerous Type vulnerability in Hawt.Io Hawtio | hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. | local | low | hawt-io | CWE-434 | 7.8 |
| 2018-05-22 | CVE-2018-11322 | Unrestricted Upload of File with Dangerous Type vulnerability in Joomla Joomla! | An issue was discovered in Joomla! Core before 3.8.8. | network | high | joomla | CWE-434 | 7.5 |
| 2018-05-22 | CVE-2018-11345 | Unrestricted Upload of File with Dangerous Type vulnerability in Asustor As6202T Firmware Adm3.1.0.Rfq3 | An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. | network | low | asustor | CWE-434 | 8.8 |
| 2018-05-22 | CVE-2018-11340 | Unrestricted Upload of File with Dangerous Type vulnerability in Asustor As6202T Firmware Adm3.1.0.Rfq3 | An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. | network | low | asustor | CWE-434 | 7.2 |