Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-01 | CVE-2016-8921 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Filenet Workplace XT 1.1.5 IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | 8.8 |
| 2017-02-01 | CVE-2016-6124 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Kenexa LMS on Cloud IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | 8.8 |
| 2017-01-17 | CVE-2017-5520 | Unrestricted Upload of File with Dangerous Type vulnerability in Metalgenix Genixcms The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions. | 8.8 |
| 2017-01-04 | CVE-2016-7902 | Unrestricted Upload of File with Dangerous Type vulnerability in Dotclear Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstrated by .php.txt or .php%20. | 8.8 |
| 2016-11-10 | CVE-2016-9268 | Unrestricted Upload of File with Dangerous Type vulnerability in Dotclear Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with an zip extension, and then accessing it via unspecified vectors. | 7.2 |
| 2016-11-04 | CVE-2016-9187 | Unrestricted Upload of File with Dangerous Type vulnerability in Moodle Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | 8.8 |
| 2016-11-04 | CVE-2016-9186 | Unrestricted Upload of File with Dangerous Type vulnerability in Moodle Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | 8.8 |
| 2016-11-03 | CVE-2016-7452 | Unrestricted Upload of File with Dangerous Type vulnerability in Exponentcms Exponent CMS The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal. | 7.5 |
| 2016-11-03 | CVE-2016-7095 | Unrestricted Upload of File with Dangerous Type vulnerability in Exponentcms Exponent CMS Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution. | 9.8 |
| 2016-10-06 | CVE-2015-1000013 | Unrestricted Upload of File with Dangerous Type vulnerability in Csv2Wpec-Coupon Project Csv2Wpec-Coupon 1.1 Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1 | 7.8 |