1582 matches found
CVE-2022-47442
Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9...
CVE-2020-36485
Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file...
CVE-2020-23037
Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...
CVE-2020-21999
iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script...
CVE-2010-3099
Directory traversal vulnerability in SmartSoft Ltd SmartFTP Client 4.0.1124.0, and possibly other versions before 4.0 Build 1133, allows remote FTP servers to overwrite arbitrary files via a ".." dot dot backslash in a filename. NOTE: some of these details are obtained from third party informatio...
ABB Cylon Aspect 3.08.02 (MIX) Session Validation Bypass
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description ABB Cylon Aspect suffers from a broken session management issue. The...
JVN#22348866: Active! mail vulnerable to stack-based buffer overflow
Active! mail provided by QUALITIA CO., LTD. contains a stack-based buffer overflow vulnerability CWE-121. The developer states that attacks exploiting the vulnerability has been observed. Impact Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead t...
CVE-2025-0050
Arm Mali GPU drivers (Bifrost, Valhall, and Arm 5th Gen) expose CVE-2025-0050: Improper memory buffer bound checks allow a non-privileged process to perform GPU operations (including via WebGL/WebGPU) outside of buffer bounds. Affected: Bifrost userspace driver r0p0–r49p2 and r50p0–r51p0; Valhall...
CVE-2025-0050 Mali GPU Userspace Driver allows an Out-of-Bounds access
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to make valid GPU processing operations,...
ABB Cylon Aspect 3.07.02 - File Disclosure
Exploit Title : ABB Cylon Aspect 3.07.02 - File Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.02 Summary: ASPECT is an award-winning scalable building energy management and...
CVE-2025-2495
Stored Cross-Site Scripting XSS in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to upload XML files to the server with JavaScript code injected via the ‘/softdial/scheduler/save.php’ resource. The injected code will execute when the uploaded file is loaded via the...
CVE-2025-2493
Path Traversal vulnerability in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to manipulate the ‘id’ parameter of the ‘/softdial/scheduler/load.php’ endpoint to navigate beyond the intended directory. This can allow unauthorised access to sensitive files outside the...
CVE-2024-27564
pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy of pictureproxy.php from its original GitHub location, but the repository name might later change because it is misleading...
CVE-2025-2494
Unrestricted file upload to Softdial Contact Center of Sytel Ltd. This vulnerability could allow an attacker to upload files to the server via the ‘/softdial/phpconsole/upload.php’ endpoint, which is protected by basic HTTP authentication. The files are uploaded to a directory exposed by the web...
CVE-2025-2493
Path Traversal vulnerability in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to manipulate the ‘id’ parameter of the ‘/softdial/scheduler/load.php’ endpoint to navigate beyond the intended directory. This can allow unauthorised access to sensitive files outside the...
CVE-2025-2495
The CVE-2025-2495 issue affects Softdial Contact Center (Sytel Ltd.). It is a stored XSS vulnerability where an attacker can upload XML files via /softdial/scheduler/save.php; the injected JavaScript executes when the file is loaded through /softdial/scheduler/load.php, enabling potential redirec...
CVE-2025-2494 Unrestricted file upload vulnerability in Softdial Contact Center
Unrestricted file upload to Softdial Contact Center of Sytel Ltd. This vulnerability could allow an attacker to upload files to the server via the ‘/softdial/phpconsole/upload.php’ endpoint, which is protected by basic HTTP authentication. The files are uploaded to a directory exposed by the web...
CVE-2025-2494 Unrestricted file upload vulnerability in Softdial Contact Center
Unrestricted file upload to Softdial Contact Center of Sytel Ltd. This vulnerability could allow an attacker to upload files to the server via the ‘/softdial/phpconsole/upload.php’ endpoint, which is protected by basic HTTP authentication. The files are uploaded to a directory exposed by the web...
CVE-2025-2494
CVE-2025-2494 describes an unrestricted file upload vulnerability in Softdial Contact Center (Sytel Ltd.). An attacker can upload files via the /softdial/phpconsole/upload.php endpoint, which is protected by basic HTTP authentication, into a directory exposed by the web application. The uploaded ...
CVE-2025-2493 Path Traversal vulnerability in Softdial Contact Center
Path Traversal vulnerability in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to manipulate the ‘id’ parameter of the ‘/softdial/scheduler/load.php’ endpoint to navigate beyond the intended directory. This can allow unauthorised access to sensitive files outside the...