CVE-2017-9650

HIGH Year: 2017
CVSS v3 Score
7.8
High
CVSS v2 Score
4.6
Medium
Weakness Type
CWE-434
View all →

Vulnerability Description

An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code.

Related Vulnerabilities

CVE-2010-4661

HIGH
CVSS:7.8(High)

udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.

CWE-4342010

CVE-2015-0796

HIGH
CVSS:7.8(High)

In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow bui...

CWE-4342015

CVE-2015-1000013

HIGH
CVSS:7.8(High)

Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1

CWE-4342015

CVE-2015-7571

HIGH
CVSS:7.8(High)

Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.

CWE-4342015

CVE-2017-13156

HIGH
CVSS:7.8(High)

An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.

CWE-4342017

CVE-2017-2699

HIGH
CVSS:7.8(High)

The Huawei Themes APP in versions earlier than PLK-UL00C17B385, versions earlier than CRR-L09C432B380, versions earlier than LYO-L21C577B128 has a privilege elevation vulnerability. An attacker could ...

CWE-4342017