Vulnerabilities > Unrestricted Upload of File with Dangerous Type

| Date | CVE | Vulnerability title | Description | Tags | Risk |
|---|---|---|---|---|---|
| 2017-11-17 | CVE-2017-1000194 | Unrestricted Upload of File with Dangerous Type vulnerability in Octobercms October | October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server. | network, low complexity, octobercms, CWE-434 | critical 9.8 |
| 2017-11-06 | CVE-2017-16524 | Unrestricted Upload of File with Dangerous Type vulnerability in Hanwhasecurity web Viewer 1.0.0.193 | Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. | network, low complexity, hanwhasecurity, CWE-434 | 8.8 |
| 2017-10-31 | CVE-2017-10940 | Unrestricted Upload of File with Dangerous Type vulnerability in Joyent Triton Datacenter | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to [email protected] (e469cf49-4de3-4658-8419-ab42837916ad). | network, low complexity, joyent, CWE-434 | 8.8 |
| 2017-10-31 | CVE-2017-15990 | Unrestricted Upload of File with Dangerous Type vulnerability in Savsofteproducts PHPinventory | Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/. | network, low complexity, savsofteproducts, CWE-434 | critical 9.8 |
| 2017-10-29 | CVE-2017-15962 | Unrestricted Upload of File with Dangerous Type vulnerability in Istock Management System Project Istock Management System 1.0 | iStock Management System 1.0 allows Arbitrary File Upload via user/profile. | network, low complexity, istock-management-system-project, CWE-434 | critical 9.8 |
| 2017-10-29 | CVE-2017-15957 | Unrestricted Upload of File with Dangerous Type vulnerability in Ingenious School Management System Project Ingenious School Management System 2.3.0 | my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file. | | 8.8 |
| 2017-10-23 | CVE-2011-4334 | Unrestricted Upload of File with Dangerous Type vulnerability in Labwiki Project Labwiki | edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the userfile parameter. | network, low complexity, labwiki-project, CWE-434 | 8.8 |
| 2017-10-23 | CVE-2017-15580 | Unrestricted Upload of File with Dangerous Type vulnerability in Osticket 1.10.1 | osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. | network, low complexity, osticket, CWE-434 | critical 9.8 |
| 2017-10-17 | CVE-2014-2664 | Unrestricted Upload of File with Dangerous Type vulnerability in X2Engine X2Crm | Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | network, low complexity, x2engine, CWE-434 | 8.8 |
| 2017-10-16 | CVE-2015-2780 | Unrestricted Upload of File with Dangerous Type vulnerability in Berta CMS | Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | network, low complexity, berta, CWE-434 | critical 9.8 |