Upload abuse filters can be occasionally bypassed somehow.
On 26 November 2016, Panoramio upload bot has somehow managed to upload https://commons.wikimedia.org/wiki/File:FIRMA_COTTEN_IND_ILOL_-_panoramio.jpg (upload log). This image is a copy of the Windows 7 stock image "Chrysanthemum.jpg", and should have been prevented by filter 31 (SHA1 f5f8ad26819a471318d24631fa5055036712a87e matches: imageinfo).
Upload abuse filters still appear to work most of the time to disallow various uploads (abuse log), but that one time it clearly didn't work and I'm concerned. I could not reproduce the problem locally with an identical filter (the upload was prevented, for each of the few ways I tried).