CVE-2020-15840

In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs...

CVE-2019-15840

The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF...

CVE-2020-15840

In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs...

CVE-2020-15840

CVE-2020-15840 affects Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, 7.1, 7.0. The underlying issue is that the property portlet.resource.id.banned.paths.regexp can be bypassed via doubled encoded URLs, enabling an authorization bypass as described in multiple sources. ...

CVE-2020-15840

In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs...

CVE-2017-15840

This CVE-2017-15840 entry is rejected/not used.

CVE-2017-15840

...

CVE-2019-15840

CVE-2019-15840 affects the WordPress plugin facebook-for-woocommerce prior to version 1.9.14. The issue is a cross-site request forgery (CSRF) vulnerability in the plugin’s handling of sensitive actions, exposed via the plugin’s WordPress integration. The root cause is insufficient CSRF protectio...

CVE-2018-15840

TP-Link TL-WR840N devices allow remote attackers to cause a denial of service networking outage via fragmented packets, as demonstrated by an "nmap -f" command...

CVE-2018-15840

CVE-2018-15840 affects TP-Link TL-WR840N devices: a vulnerability in processing fragmented packets can be exploited remotely to cause a denial of service (network outage). Demonstrated by sending fragmented packets (e.g., with nmap -f). The provided connected documents corroborate a DoS impact vi...