Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Arbitrary File Creation

This page lists 29 vulnerabilities in this category.

High: 27 Medium: 2
Vulnerability Name
CVE
CWE
Severity
WebDAV Directory Has Write Permissions
-
CWE-264
High
Cross-site Scripting via File Upload
-
CWE-79
High
Fortinet FortiNAC RCE via arbitrary file upload
CVE-2022-39952
CWE-610
High
Lucee Server Arbitrary File Creation
CVE-2021-21307
CWE-22
High
Dragonfly Arbitrary File Read/Write (CVE-2021-33564)
CVE-2021-33564
CWE-20
High
Telerik Web UI Insecure Direct Object Reference
CVE-2017-11357
CWE-78
High
Telerik Web UI Unrestricted File Upload (CVE-2017-11317)
CVE-2017-11317
CWE-78
High
Telerik Web UI Unrestricted File Upload (CVE-2014-2217)
CVE-2014-2217
CWE-78
High
jQuery File Upload unauthenticated arbitrary file upload
CVE-2018-9206
CWE-434
High
File creation via HTTP method PUT
-
CWE-669
High
Amazon S3 publicly writable bucket
-
CWE-264
High
Nginx PHP code execution via FastCGI
-
CWE-94
High
OpenX arbitrary file upload
CVE-2009-4140
CWE-434
High
Uploadify arbitrary file upload
-
CWE-434
High
Unrestricted File Upload
-
CWE-434
High
File upload XSS (Java applet)
-
CWE-79
High
ColdFusion 8 FCKEditor file upload vulnerability
CVE-2009-2265
CWE-22
High
webadmin.php script
-
CWE-552
High
Unrestricted file upload vulnerability in ofc_upload_image.php
CVE-2009-4140
CWE-434
High
WordPress OptimizePress unrestricted file upload
CVE-2013-7102
CWE-20
High
WordPress plugin WPtouch insecure nonce generation
-
CWE-287
High
Multiple vulnerabilities reported in Parallels Plesk Sitebuilder
-
CWE-94
High
Joomla! JCE arbitrary file upload
-
CWE-20
High
JIRA Security Advisory 2013-02-21
-
CWE-22
High
Arbitrary File Deletion
-
CWE-20
High
Arbitrary File Creation
-
CWE-20
High
Oracle E-Business Suite Unauthenticated Remote Code Execution
CVE-2022-21587
CWE-94
High
FCKeditor arbitrary file upload
CVE-2009-2265
CWE-22
Medium
WordPress pingback scanner
CVE-2013-0235
CWE-918
Medium