CWE-434

4,107 CVEs • Abstraction: Base • Likelihood of Exploit: Medium

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,107)

Each entry lists vendors, products, the updated and published dates, and the CVSS scores (v4, v3, v2), followed by the CVE description.

Vendors: Digi
Products: Connectport Lts 32 Mei Bios; Connectport Lts 32 Mei Firmware
Updated: Jun 17, 2026 | Published: Feb 12, 2020
CVSS: v4 N/A | v3 4.9 MEDIUM | v2 4.0 MEDIUM
Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious file to the application.

Vendors: Tiny
Products: Tinybrowser
Updated: Nov 21, 2024 | Published: Feb 12, 2020
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 10.0 HIGH
TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php.

Vendors: Tiny
Products: Tinybrowser
Updated: Nov 21, 2024 | Published: Feb 12, 2020
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 7.5 HIGH
Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution.

Vendors: Imagely
Products: Nextgen Gallery
Updated: Nov 21, 2024 | Published: Feb 11, 2020
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 10.0 HIGH
NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload

Vendors: Yabb
Products: Yabb
Updated: Nov 21, 2024 | Published: Feb 11, 2020
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 7.5 HIGH
YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability

Vendors: Polarbear Cms Project
Products: Polarbear Cms
Updated: Nov 21, 2024 | Published: Feb 11, 2020
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 7.5 HIGH
A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code.

Vendors: Samsung
Products: Prismview Player 11; Prismview System 9
Updated: Jun 17, 2026 | Published: Feb 10, 2020
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 10.0 HIGH
The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. (Authentication is required but an XML file containing credentials can be downloaded.)

Vendors: Creative Solutions; Jquery File Upload Project
Products: Creative Contact Form; Jquery File Upload
Updated: Nov 21, 2024 | Published: Feb 8, 2020
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 7.5 HIGH
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with a PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014.

Vendors: Vtiger
Products: Vtiger Crm
Updated: Nov 21, 2024 | Published: Feb 7, 2020
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.5 MEDIUM
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability

Vendors: Vtiger
Products: Vtiger Crm
Updated: Nov 21, 2024 | Published: Feb 6, 2020
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.5 MEDIUM
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/.

Vendors: Openvas
Products: Openvas Manager
Updated: Nov 21, 2024 | Published: Feb 6, 2020
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.5 MEDIUM
OpenVAS Manager v2.0.3 allows plugin remote code execution.

Vendors: Dotcms
Products: Dotcms
Updated: Jun 17, 2026 | Published: Feb 5, 2020
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 7.5 HIGH
dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload temporary files (e.g., .jsp files) into /webapps/ROOT/assets/tmp_upload, which can lead to remote command execution (with the permissions of the user running the dotCMS application).

Vendors: Unitedplanet
Products: Intrexx
Updated: Nov 21, 2024 | Published: Jan 31, 2020
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 7.5 HIGH
Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unknown vectors.

Vendors: Simplejobscript
Products: Simplejobscript
Updated: Jun 17, 2026 | Published: Jan 31, 2020
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 7.5 HIGH
controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume.

Vendors: Belkin
Products: Wemo Switch Firmware
Updated: Nov 21, 2024 | Published: Jan 28, 2020
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 7.5 HIGH
Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system.

Vendors: Super File Explorer Project
Products: Super File Explorer
Updated: Jun 17, 2026 | Published: Jan 28, 2020
CVSS: v4 N/A | v3 8.8 HIGH | v2 9.0 HIGH
An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for iOS. The vulnerability is located in the developer path that is accessible and hidden next to the root path. By default, there is no password set for the FTP or Web UI service.

Vendors: Zohocorp
Products: Manageengine Desktop Central
Updated: Nov 21, 2024 | Published: Jan 27, 2020
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 7.5 HIGH
Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot.

Vendors: Gehealthcare
Products (9): Apexpro Telemetry Server Firmware; Carescape B450 Monitor Firmware; Carescape B650 Monitor Firmware; +6 more
Updated: Jun 17, 2026 | Published: Jan 24, 2020
CVSS: v4 N/A | v3 9.9 CRITICAL | v2 6.5 MEDIUM
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability in the software update mechanism allows an authenticated attacker to upload arbitrary files on the system through a crafted update package.

Vendors: Devfarm
Products: Wp Gpx Maps
Updated: Nov 21, 2024 | Published: Jan 23, 2020
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 7.5 HIGH
WordPress WP GPX Maps Plugin 1.1.21 allows remote attackers to execute arbitrary PHP code via improper file upload.

Vendors: Connectwise
Products: Control
Updated: Jun 17, 2026 | Published: Jan 23, 2020
CVSS: v4 N/A | v3 7.2 HIGH | v2 6.5 MEDIUM
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server.