6 matches found
CVE-2022-38901
A Cross-site scripting XSS vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file...
CVE-2022-38901
Summary (CVE-2022-38901, related entries): Liferay Digital Experience Platform 7.3.10 SP3 is affected in the Document and Media module file upload path. The vulnerability is a Cross-site Scripting (XSS) flaw in the description field of uploaded SVG files, enabling remote attackers to inject arbit...
Security Bulletin: Information Disclosure in IBM Spectrum Protect Operations Center (CVE-2021-38901)
Summary If tracing is enabled in Operations Center, user credentials may be displayed in the trace file in plain text. Vulnerability Details CVEID: CVE-2021-38901 DESCRIPTION: IBM Spectrum Protect Operations Center, under special configurations, could allow a local user to obtain highly sensitive...
CVE-2021-38901
creationtimestamp| type| source ---|---|--- 2021-12-13 22:12:22+00:00| seen| https://t.me/cibsecurity/33884...
CVE-2021-38901
CVE-2021-38901 affects IBM Spectrum Protect Operations Center (7.1.x: 7.1.0.000–7.1.13.x). Under special configurations, a local user could obtain highly sensitive information; the issue stems from tracing exposing credentials in trace files (plain text). CVSS: vector and scores indicate a MEDIUM...
PHP Utility Belt - Remote Code Execution (Metasploit)
Exploit for php platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'PHP Utility Belt Remote Code Execution', 'Description' = %q This module exploit...