CWE-434

4,095 CVEs • Abstraction: Base • Likelihood of Exploit: Medium

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,095)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Indirmax.org
1Ozzywork Galeri
Apr 23, 2026
Feb 12, 2007
N/A· v4
N/A· v3
6.4 MEDIUM· v2
Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, possibly 2.0 and earlier, allows remote attackers to upload and execute arbitrary ASP files by removing the client-side security checks.
1Speedywiki
1Speedywiki
Apr 23, 2026
Nov 10, 2006
N/A· v4
N/A· v3
6.5 MEDIUM· v2
Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated users to upload and execute arbitrary PHP code by setting the upload parameter to 1.
1Deluxebb
1Deluxebb
Apr 16, 2026
Sep 6, 2006
N/A· v4
N/A· v3
7.5 HIGH· v2
DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
1Joomla
1Joomla
Apr 16, 2026
Aug 31, 2006
N/A· v4
N/A· v3
6.5 MEDIUM· v2
The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors.
1Duware Dubanner Project
1Duware Dubanner
Apr 16, 2026
May 17, 2006
N/A· v4
N/A· v3
7.5 HIGH· v2
add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions, such as ASP files, probably due to client-side enforcement that can be bypassed. NOTE: some of these details are obtained from third party information, since the raw source is vague.
1Rockliffe
1Mailsite Express
Apr 16, 2026
Oct 23, 2005
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Mailsite Express allows remote attackers to upload and execute files with executable extensions such as ASP by attaching the file using the "compose page" feature, then accessing the file from the cache directory before saving or sending the message.
1Yvesglodt
1I Man
Apr 16, 2026
Jun 9, 2005
N/A· v4
N/A· v3
7.5 HIGH· v2
I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension.
1Yapig
1Yapig
Apr 16, 2026
Jun 6, 2005
N/A· v4
N/A· v3
7.5 HIGH· v2
upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code.
1Guillaumegardey
1Biborb
Apr 16, 2026
May 2, 2005
N/A· v4
3.7 LOW· v3
4.3 MEDIUM· v2
BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files.
1E107
1E107
Apr 16, 2026
Dec 31, 2004
N/A· v4
N/A· v3
7.5 HIGH· v2
ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.
1Noguska
1Nola
Apr 16, 2026
Dec 31, 2002
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4.
1Hypermail Development
1Hypermail
Apr 16, 2026
Nov 19, 2001
N/A· v4
N/A· v3
7.5 HIGH· v2
Hypermail allows remote attackers to execute arbitrary commands on a server supporting SSI via an attachment with a .shtml extension, which is archived on the server and can then be executed by requesting the URL for the attachment.
1Symantec
1Norton Antivirus
Apr 16, 2026
Sep 7, 2001
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
1Microsoft
1Exchange Server
Apr 16, 2026
Jul 21, 2001
N/A· v4
N/A· v3
7.5 HIGH· v2
An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
1Sgi
1Irix
Apr 16, 2026
May 26, 1997
N/A· v4
8.4 HIGH· v3
7.2 HIGH· v2
IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files.