CVE-2025-40678 Unrestricted upload vulnerability for dangerous file types on Summar Software´s Portal del Empleado

Unrestricted upload vulnerability for dangerous file types on Summar Software´s Portal del Empleado. This vulnerability allows an attacker to upload a dangerous file type by sending a POST request using the parameter “cctl00$ContentPlaceHolder1$fuAdjunto” in “/MemberPages/ntfabsentismo.aspx”...

CVE-2018-18399

SQL injection vulnerability in the "ContentPlaceHolder1uxTitle" component in ArchiveNews.aspx in jco.ir KARMA 6.0.0 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter...