Vulnerabilities (CVE)

CWE filter

CWE-434

Filter

414 total CVE
CVE Vendors Products Updated CVSS
CVE-2015-9471 1 Digitalzoomstudio 1 Dzs-zoomsounds 2019-10-15 7.5
The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload.
CVE-2019-17352 1 Jfinal 1 Jfinal 2019-10-15 5.0
In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion...
CVE-2018-21024 1 Centreon 1 Centreon 2019-10-15 7.5
licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request.
CVE-2019-11655 1 Hp 1 Arcsight Logger 2019-10-10 6.5
Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. This vulnerability could allow Unrestricted Upload of File with Dangerous type.
CVE-2019-17188 1 Fecmall 1 Fecmall 2019-10-10 6.5
An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. An attacker can bypass a front-end restriction and upload PHP code to the webserver, by providing image data and the image/jpeg...
CVE-2019-10935 1 Siemens 3 Simatic Pcs 7, Simatic Wincc, Simatic Wincc Runtime 2019-10-10 6.5
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11), SIMATIC PCS 7 V9.0...
CVE-2019-8992 1 Tibco 5 Activematrix Bpm, Activematrix Policy Director, Activematrix Service Bus and 2 more 2019-10-09 6.5
The administrative server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid,...
CVE-2019-6839 2019-10-09 6.5
An Improper Access Control: CWE-284 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus,...
CVE-2019-4069 1 Ibm 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics 2019-10-09 6.5
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. IBM X-Force ID: 157014.
CVE-2019-4056 1 Ibm 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more 2019-10-09 4.0
IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.
CVE-2019-3940 1 Advantech 1 Webaccess 2019-10-09 7.5
Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code.
CVE-2019-1743 1 Cisco 1 Ios Xe 2019-10-09 N/A
A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. The vulnerability is due to improper input validation. An...
CVE-2019-12803 2019-10-09 10.0
In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to...
CVE-2019-12326 1 Akuvox 1 Sp-r50p Firmware 2019-10-09 10.0
Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.6.156 allows an attacker to upload a manipulated ringtone file, with an executable payload (shell commands within the file) and trigger code execution.
CVE-2019-10959 1 Bd 5 Alaris Cc Syringe Pump Firmware, Alaris Gateway Workstation Firmware, Alaris Gh Syringe Pump Firmware and 2 more 2019-10-09 7.5
BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does not impact the latest firmware Versions 1.3.2 and 1.6.1, Additionally, the following products using software...
CVE-2019-10930 1 Siemens 2 Digsi 5 Engineering Software, Siprotec 5 Digsi Device Driver 2019-10-09 6.4
A vulnerability has been identified in SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU...
CVE-2019-1010209 1 Gorul 1 Gourl 2019-10-09 5.0
GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE-434. The impact is: unauthenticated/unzuthorized Attacker can upload executable file in website. The component is: gourl.php#L5637. The fixed version is: 1.4.14.
CVE-2019-1010123 1 Modx 1 Modx Revolution 2019-10-09 5.0
MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating file with custom a filename and content. The component is: Filtering user parameters before passing them into phpthumb...
CVE-2019-1010062 1 Pluck-cms 1 Pluckcms 2019-10-09 7.5
PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line36. The attack vector is: modify the MIME TYPE on HTTP request to upload a...
CVE-2019-0017 1 Juniper 1 Junos Space 2019-10-09 6.5
The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space...