Vulnerabilities > Unrestricted Upload of File with Dangerous Type

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-11-07 | CVE-2023-33480 | Unrestricted Upload of File with Dangerous Type vulnerability in Remoteclinic Remote Clinic 2.0 | RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. | network; low complexity; remoteclinic; CWE-434; 8.8 |
| 2023-11-06 | CVE-2023-5601 | Unrestricted Upload of File with Dangerous Type vulnerability in Atomicwebstrategy Woocommerce Ninja Forms Product Add-Ons | The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE. | network; low complexity; atomicwebstrategy; CWE-434; critical; 9.8 |
| 2023-11-03 | CVE-2023-41725 | Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche | Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability | local; low complexity; ivanti; CWE-434; 7.8 |
| 2023-11-03 | CVE-2023-41357 | Unrestricted Upload of File with Dangerous Type vulnerability in GSS Vitals Enterprise Social Platform 3.0.8 | Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal. It has insufficient filtering and validation during file upload. | network; low complexity; gss; CWE-434; 8.8 |
| 2023-11-02 | CVE-2023-42802 | Unrestricted Upload of File with Dangerous Type vulnerability in Glpi-Project Glpi 10.0.7/10.0.9 | GLPI is a free asset and IT management software package. | network; low complexity; glpi-project; CWE-434; critical; 9.8 |
| 2023-11-02 | CVE-2023-5860 | Unrestricted Upload of File with Dangerous Type vulnerability in Bplugins Icons Font Loader 1.0/1.1.2 | The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function in all versions up to, and including, 1.1.2. | network; low complexity; bplugins; CWE-434; 7.2 |
| 2023-11-01 | CVE-2023-46428 | Unrestricted Upload of File with Dangerous Type vulnerability in Hadsky 7.12.10 | An arbitrary file upload vulnerability in HadSky v7.12.10 allows attackers to execute arbitrary code via a crafted file. | network; low complexity; hadsky; CWE-434; 8.8 |
| 2023-11-01 | CVE-2023-20196 | Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Identity Services Engine | Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. | network; low complexity; cisco; CWE-434; 7.2 |
| 2023-11-01 | CVE-2023-20195 | Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Identity Services Engine | Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. | network; low complexity; cisco; CWE-434; 7.2 |
| 2023-11-01 | CVE-2023-1713 | Unrestricted Upload of File with Dangerous Type vulnerability in Bitrix24 22.0.300 | Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted ".htaccess" file. | network; low complexity; bitrix24; CWE-434; 8.8 |