20 matches found
CVE-2013-6688
Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.11 and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222...
CVE-2025-34335
AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23 are affected by an authenticated command injection in the license activation workflow (ActivateLicense.php). An authenticated user uploading a license file can craft the file name’s extension to inject shell metacharacte...
CVE-2025-34335 AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command Injection via ActivateLicense.php
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an authenticated command injection vulnerability in the license activation workflow handled by AudioCodesfiles/ActivateLicense.php. When a license file is uploaded, the application derives a new...
EUVD-2013-6490
Malware in sbrugna...
CVE-2022-26976
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS...
CVE-2022-26977
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism leads to stored XSS...
CVE-2022-26973
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details...
CVE-2022-26977
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism leads to stored XSS...
CVE-2022-26973
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details...
CVE-2022-26976
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS...
CVE-2022-26971
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication...
PT-2022-18149 · Barco · Transform N +1
Name of the Vulnerable Software and Affected Versions: Barco Control Room Management Suite web application, which is part of TransForm N versions prior to 3.14
Description: The issue concerns the exposure of a license file upload mechanism in the web application without requiring authentication...
CVE-2020-5863
In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system...
CVE-2020-5863
In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system...
Design/Logic Flaw
In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system...
Centreon Code Issues Vulnerabilities
Centreon Web is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. A code issue exists in the licenseUpload.php file in versions of Centreon Web prior to 2.8.27. An...
Zoho ManageEngine ADSelfService Plus XML External Entity Injection Vulnerability
ZOHO ManageEngine ADSelfService Plus is a Web-based end-user password management software from ZOHO. An XML external entity injection vulnerability exists in ZOHO ManageEngine ADSelfService Plus prior to 5.x build 5701, which can be exploited by an attacker to conduct XXE attacks via an uploaded...
CVE-2018-20664
Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license...
Code injection
Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license...
CVE-2018-0306
A vulnerability in the CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by...