Vulnerabilities (CVE)

Filtered by CWE-434
Total 2604 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-4334 1 Labwiki Project 1 Labwiki 2024-02-28 6.5 MEDIUM 8.8 HIGH
edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the userfile parameter.
CVE-2017-2737 1 Huawei 2 Vcm5010, Vcm5010 Firmware 2024-02-28 6.5 MEDIUM 8.8 HIGH
VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system.
CVE-2017-6090 1 Phpcollab 1 Phpcollab 2024-02-28 6.5 MEDIUM 8.8 HIGH
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/.
CVE-2018-5724 1 Barni 2 Master Ip Camera01, Master Ip Camera01 Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as demonstrated by restore.cgi.
CVE-2017-14838 1 Teamworktec 1 Job Links 2024-02-28 6.5 MEDIUM 8.8 HIGH
TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange.
CVE-2017-3108 1 Adobe 1 Experience Manager 2024-02-28 7.5 HIGH 9.8 CRITICAL
Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability.
CVE-2017-1000238 1 Invoiceplane 1 Invoiceplane 2024-02-28 6.5 MEDIUM 8.8 HIGH
InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver.
CVE-2017-13156 1 Google 1 Android 2024-02-28 7.2 HIGH 7.8 HIGH
An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.
CVE-2015-2780 1 Berta 1 Berta Cms 2024-02-28 7.5 HIGH 9.8 CRITICAL
Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
CVE-2017-14079 1 Trendmicro 1 Mobile Security 2024-02-28 6.5 MEDIUM 8.8 HIGH
Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
CVE-2017-11756 1 Earcms 1 Ear Music 2024-02-28 6.0 MEDIUM 7.0 HIGH
In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user.php/music/add/ to upload the code.
CVE-2015-4463 1 Efrontlearning 1 Efront 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL.
CVE-2017-12332 1 Cisco 2 Nx-os, Unified Computing System 2024-02-28 4.9 MEDIUM 4.4 MEDIUM
A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installing a crafted patch image on an affected device. The vulnerable operation occurs prior to patch activation. An exploit could allow the attacker to write arbitrary files on an affected system as root. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16513, CSCvf23794, CSCvf23832.
CVE-2017-1002001 1 Mobile-app-builder-by-wappress Project 1 Mobile-app-builder-by-wappress 2024-02-28 7.5 HIGH 9.8 CRITICAL
Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
CVE-2017-9364 1 Bigtreecms 1 Bigtree Cms 2024-02-28 7.5 HIGH 9.8 CRITICAL
Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code.
CVE-2017-9380 1 Open-emr 1 Openemr 2024-02-28 6.5 MEDIUM 8.8 HIGH
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.
CVE-2017-11154 1 Synology 1 Photo Station 2024-02-28 6.5 MEDIUM 7.2 HIGH
Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter.
CVE-2017-14346 1 Blog Project 1 Blog 2024-02-28 7.5 HIGH 9.8 CRITICAL
upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file.
CVE-2017-4990 1 Emc 1 Avamar Server 2024-02-28 7.5 HIGH 9.8 CRITICAL
In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system.
CVE-2017-14958 1 Pivotx 1 Pivotx 2024-02-28 6.5 MEDIUM 7.2 HIGH
lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file.