CVE-2025-9977 Improper neutralization of input in Times Software E-PAYROLL

Value provided in one of POST parameters sent during the process of logging in to Times Software E-Payroll is not sanitized properly, which allows an unauthenticated attacker to perform DoS attacks. SQL injection attacks might also be feasible, although so far creating a working exploit has been...

PT-2023-12239 · Liferay · Liferay Portal

Name of the Vulnerable Software and Affected Versions: Liferay Portal version 6.2.5 Description: The issue allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. The vendor disputes this issue because the exploit reference link only shows frmfolders.html is...