Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-21 | CVE-2017-9101 | Unrestricted Upload of File with Dangerous Type vulnerability in Playsms 1.4 import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file. | 9.8 |
| 2017-05-19 | CVE-2017-9080 | Unrestricted Upload of File with Dangerous Type vulnerability in Playsms 1.4 PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. | 8.8 |
| 2017-05-19 | CVE-2017-6027 | Unrestricted Upload of File with Dangerous Type vulnerability in Codesys web Server 2.3 An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. | 9.8 |
| 2017-05-18 | CVE-2017-9069 | Unrestricted Upload of File with Dangerous Type vulnerability in Modx Revolution In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess. | 8.8 |
| 2017-05-05 | CVE-2017-8080 | Unrestricted Upload of File with Dangerous Type vulnerability in Atlassian Hipchat Server Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. | 8.8 |
| 2017-04-25 | CVE-2017-7989 | Unrestricted Upload of File with Dangerous Type vulnerability in Joomla Joomla! In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden. | 6.5 |
| 2017-04-14 | CVE-2017-7357 | Unrestricted Upload of File with Dangerous Type vulnerability in Atlassian Hipchat Server 2.2.0/2.2.1/2.2.2 Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file. | 9.1 |
| 2017-04-14 | CVE-2016-1713 | Unrestricted Upload of File with Dangerous Type vulnerability in Vtiger CRM 6.4.0 Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. | 7.3 |
| 2017-04-12 | CVE-2017-7281 | Unrestricted Upload of File with Dangerous Type vulnerability in Unitrends Enterprise Backup An issue was discovered in Unitrends Enterprise Backup before 9.1.2. | 8.8 |
| 2017-04-11 | CVE-2017-7695 | Unrestricted Upload of File with Dangerous Type vulnerability in Bigtreecms Bigtree CMS Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code. | 9.8 |