Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-16 | CVE-2018-5724 | Unrestricted Upload of File with Dangerous Type vulnerability in Barni Master IP Camera01 Firmware 3.3.4.2103 MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as demonstrated by restore.cgi. | 9.8 |
| 2018-01-12 | CVE-2017-16736 | Unrestricted Upload of File with Dangerous Type vulnerability in Advantech Webaccess An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. | 7.5 |
| 2018-01-08 | CVE-2014-4972 | Unrestricted Upload of File with Dangerous Type vulnerability in Ajax Upload for Gravity Forms Project Ajax Upload for Gravity Forms 1.0/1.1 Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-content/uploads/gravity_forms. | 9.8 |
| 2018-01-05 | CVE-2017-15549 | Unrestricted Upload of File with Dangerous Type vulnerability in EMC products An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. | 8.8 |
| 2018-01-01 | CVE-2018-3814 | Unrestricted Upload of File with Dangerous Type vulnerability in Craftcms Craft CMS 2.6.3000 Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the "Assets->Upload files" screen and then the "Replace it" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension. | 8.8 |
| 2017-12-30 | CVE-2017-17987 | Unrestricted Upload of File with Dangerous Type vulnerability in Muslim Matrimonial Script Project Muslim Matrimonial Script 3.0.3 PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php. | 7.2 |
| 2017-12-27 | CVE-2017-17874 | Unrestricted Upload of File with Dangerous Type vulnerability in Vanguard Project Marketplace Digital products PHP 1.4.0 Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI. | 8.8 |
| 2017-12-19 | CVE-2017-16949 | Unrestricted Upload of File with Dangerous Type vulnerability in Accesspressthemes Anonymous Post PRO An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. | 9.8 |
| 2017-12-19 | CVE-2017-15876 | Unrestricted Upload of File with Dangerous Type vulnerability in Sistemagpweb Gpweb 8.4.61 Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell. | 7.2 |
| 2017-12-18 | CVE-2017-17727 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.5/5.6 DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php. | 8.8 |