Arbitrary File Creation
This page lists 29 vulnerabilities in this category.
High: 27
Medium: 2
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| WebDAV Directory Has Write Permissions | - | CWE-264 | High |
| Cross-site Scripting via File Upload | - | CWE-79 | High |
| Fortinet FortiNAC RCE via arbitrary file upload | CVE-2022-39952 | CWE-610 | High |
| Lucee Server Arbitrary File Creation | CVE-2021-21307 | CWE-22 | High |
| Dragonfly Arbitrary File Read/Write (CVE-2021-33564) | CVE-2021-33564 | CWE-20 | High |
| Telerik Web UI Insecure Direct Object Reference | CVE-2017-11357 | CWE-78 | High |
| Telerik Web UI Unrestricted File Upload (CVE-2017-11317) | CVE-2017-11317 | CWE-78 | High |
| Telerik Web UI Unrestricted File Upload (CVE-2014-2217) | CVE-2014-2217 | CWE-78 | High |
| jQuery File Upload unauthenticated arbitrary file upload | CVE-2018-9206 | CWE-434 | High |
| File creation via HTTP method PUT | - | CWE-669 | High |
| Amazon S3 publicly writable bucket | - | CWE-264 | High |
| Nginx PHP code execution via FastCGI | - | CWE-94 | High |
| OpenX arbitrary file upload | CVE-2009-4140 | CWE-434 | High |
| Uploadify arbitrary file upload | - | CWE-434 | High |
| Unrestricted File Upload | - | CWE-434 | High |
| File upload XSS (Java applet) | - | CWE-79 | High |
| ColdFusion 8 FCKEditor file upload vulnerability | CVE-2009-2265 | CWE-22 | High |
| webadmin.php script | - | CWE-552 | High |
| Unrestricted file upload vulnerability in ofc_upload_image.php | CVE-2009-4140 | CWE-434 | High |
| WordPress OptimizePress unrestricted file upload | CVE-2013-7102 | CWE-20 | High |
| WordPress plugin WPtouch insecure nonce generation | - | CWE-287 | High |
| Multiple vulnerabilities reported in Parallels Plesk Sitebuilder | - | CWE-94 | High |
| Joomla! JCE arbitrary file upload | - | CWE-20 | High |
| JIRA Security Advisory 2013-02-21 | - | CWE-22 | High |
| Arbitrary File Deletion | - | CWE-20 | High |
| Arbitrary File Creation | - | CWE-20 | High |
| Oracle E-Business Suite Unauthenticated Remote Code Execution | CVE-2022-21587 | CWE-94 | High |
| FCKeditor arbitrary file upload | CVE-2009-2265 | CWE-22 | Medium |
| WordPress pingback scanner | CVE-2013-0235 | CWE-918 | Medium |