VYPR
Vendor

Ultimate Project Manager CRM

Products
1
CVEs
23
Across products
23
Status
Private

Products

1

Recent CVEs

23
View all 23 CVEs →
  • CVE-2019-16702CriSep 23, 2019
    risk 0.68cvss 9.8epss 0.11

    Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI.

  • CVE-2010-5333CriSep 13, 2019
    risk 0.68cvss 9.8epss 0.16

    The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution. An SEH-overwrite buffer overflow already existed for the vulnerable…

  • CVE-2020-12843CriSep 24, 2020
    risk 0.64cvss 9.8epss 0.01

    ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used.

  • CVE-2020-12842CriSep 24, 2020
    risk 0.64cvss 9.8epss 0.02

    ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php.

  • CVE-2020-12839CriSep 24, 2020
    risk 0.64cvss 9.8epss 0.02

    ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php.

  • CVE-2020-12838CriSep 24, 2020
    risk 0.64cvss 9.8epss 0.02

    ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php.

  • CVE-2024-4999CriMay 16, 2024
    risk 0.61cvss epss 0.12

    A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges.This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through…

  • CVE-2020-37004HigJan 29, 2026
    risk 0.53cvss 8.2epss 0.00

    The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attackers can exploit the /frontend/get_article_suggestion/ endpoint by crafting…

  • CVE-2020-13119HigSep 24, 2020
    risk 0.53cvss 8.1epss 0.01

    ismartgate PRO 1.5.9 is vulnerable to clickjacking.

  • CVE-2020-12837HigSep 24, 2020
    risk 0.49cvss 7.5epss 0.01

    ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used.

  • CVE-2018-12250HigJul 3, 2019
    risk 0.47cvss 7.2epss 0.02

    An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.php, the ?page= parameter is vulnerable to SQL injection.

  • CVE-2020-12841MedSep 24, 2020
    risk 0.42cvss 6.5epss 0.00

    ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload imae files via /index.php

  • CVE-2020-12840MedSep 24, 2020
    risk 0.42cvss 6.5epss 0.00

    ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php

  • CVE-2020-12281MedSep 24, 2020
    risk 0.42cvss 6.5epss 0.00

    iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to create a new user via /index.php.

  • CVE-2024-33752May 6, 2024
    risk 0.07cvss epss 0.05

    An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin.php that could be exploited by a remote attacker to submit a special request to upload a malicious file to execute arbitrary code.

  • CVE-2003-1481Dec 31, 2003
    risk 0.03cvss epss 0.02

    CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer.

  • CVE-2002-1911Dec 31, 2002
    risk 0.03cvss epss 0.03

    ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of SYN packets (SYN flood). NOTE: the vendor was not able to reproduce the issue.

  • CVE-2025-5119May 23, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been found in Emlog Pro 2.5.11 and classified as critical. This vulnerability affects unknown code of the file /include/controller/api_controller.php. The manipulation of the argument tag leads to sql injection. The attack can be initiated remotely. The…

  • CVE-2025-25827Feb 26, 2025
    risk 0.00cvss epss 0.00

    A Server-Side Request Forgery (SSRF) in the component sort.php of Emlog Pro v2.5.4 allows attackers to scan local and internal ports via supplying a crafted URL.

  • CVE-2024-13140Jan 5, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.3. Affected is an unknown function of the file /admin/article.php?action=upload_cover of the component Cover Upload Handler. The manipulation of the argument image leads to cross site scripting. It…