Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2023-09-27 CVE-2023-40219 Unrestricted Upload of File with Dangerous Type vulnerability in Collne Welcart E-Commerce
Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory.
network
low complexity
collne CWE-434
7.2
2023-09-27 CVE-2023-42462 Unrestricted Upload of File with Dangerous Type vulnerability in Glpi-Project Glpi
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing.
network
low complexity
glpi-project CWE-434
critical
9.1
2023-09-25 CVE-2023-5150 Unrestricted Upload of File with Dangerous Type vulnerability in Dlink Dar-7000 Firmware and Dar-8000 Firmware
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000 and DAR-8000 up to 20151231.
network
low complexity
dlink CWE-434
8.8
2023-09-20 CVE-2023-42331 Unrestricted Upload of File with Dangerous Type vulnerability in Elitecms Elite CMS 1.01
A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component.
network
low complexity
elitecms CWE-434
8.8
2023-09-20 CVE-2023-42335 Unrestricted Upload of File with Dangerous Type vulnerability in Fl3Xx Crew and Dispatch
Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component.
network
low complexity
fl3xx CWE-434
8.8
2023-09-20 CVE-2023-43497 Unrestricted Upload of File with Dangerous Type vulnerability in Jenkins
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used.
network
low complexity
jenkins CWE-434
8.1
2023-09-20 CVE-2023-41902 Unrestricted Upload of File with Dangerous Type vulnerability in Corecode Macupdater
An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2.3.8, and 3.x before 3.1.2, allows attackers to escalate privileges by crafting malicious .pkg files.
local
low complexity
corecode CWE-434
7.8
2023-09-20 CVE-2023-43478 Unrestricted Upload of File with Dangerous Type vulnerability in Telstra Arcadyan Lh1000 Firmware
fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code execution as root. 
network
low complexity
telstra CWE-434
critical
9.8
2023-09-20 CVE-2023-38887 Unrestricted Upload of File with Dangerous Type vulnerability in Dolibarr Erp/Crm
File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions.
network
low complexity
dolibarr CWE-434
8.8
2023-09-20 CVE-2023-36319 Unrestricted Upload of File with Dangerous Type vulnerability in Openupload Project Openupload 0.4.3
File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file.
network
low complexity
openupload-project CWE-434
8.8