Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-20 | CVE-2017-11466 | Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms 4.1.1 Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_upload. | 7.2 |
| 2017-07-18 | CVE-2017-11405 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.2 In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file. | 4.9 |
| 2017-07-18 | CVE-2017-11404 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.2 In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php. | 4.9 |
| 2017-07-17 | CVE-2017-1000081 | Unrestricted Upload of File with Dangerous Type vulnerability in Onosproject Onos 1.8.0/1.9.0 Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution. | 9.8 |
| 2017-06-30 | CVE-2017-6041 | Unrestricted Upload of File with Dangerous Type vulnerability in Marel products An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. | 9.8 |
| 2017-06-25 | CVE-2017-9840 | Unrestricted Upload of File with Dangerous Type vulnerability in Dolibarr Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application. | 8.8 |
| 2017-06-21 | CVE-2017-4990 | Unrestricted Upload of File with Dangerous Type vulnerability in EMC Avamar Server In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system. | 9.8 |
| 2017-06-02 | CVE-2017-9380 | Unrestricted Upload of File with Dangerous Type vulnerability in Open-Emr Openemr OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application. | 8.8 |
| 2017-06-02 | CVE-2017-9364 | Unrestricted Upload of File with Dangerous Type vulnerability in Bigtreecms Bigtree CMS Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code. | 9.8 |
| 2017-05-23 | CVE-2015-4455 | Unrestricted Upload of File with Dangerous Type vulnerability in Aviary Image Editor Add-On for Gravity Forms Project Aviary Image Editor Add-On for Gravity Forms 3.0 Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary. | 9.8 |