29 matches found
EUVD-2013-4301
Malware in sbrugna...
EUVD-2012-5423
Malware in sbrugna...
EUVD-2013-0333
Malware in sbrugna...
EUVD-2013-0332
Malware in sbrugna...
EUVD-2012-3483
Malware in sbrugna...
Red Hat JBoss Enterprise Application Platform 6.1.0 Security Update (RHSA-2013:1843)
The version of JBoss Enterprise Application Platform running on the remote system is affected by multiple cross-site scripting flaws in the GateIn Portal component. This could allow a remote attacker to manipulate a logged-in user into visiting a specially crafted URL, thereby executing an...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-4424
Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-4424
CVE-2013-4424 affects Red Hat JBoss Portal 6.1.0 (GateIn Portal component). The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, potentially leading to arbitrary script execution in ...
Moderate: Red Hat Security Advisory: Red Hat JBoss Portal 6.1.0 security update
An update for the GateIn Portal component in Red Hat JBoss Portal 6.1.0 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base...
JBoss Enterprise Portal Platform GateIn Portal Security Update (RHSA-2013-0613)
Binary data redhat-RHSA-2013-0613.nbin...
CVE-2013-0315
The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack...
CVE-2013-0314
The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets...
CVE-2012-3532
Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2013-0315
The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack...
CVE-2012-3532
Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2013-0315
The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 is vulnerable to an XML External Entity (XXE) attack via a crafted external XML entity in an XML document, enabling remote attackers to read arbitrary files on the server. Root cause: improper XML parsing in the Gate...
CVE-2013-0314
The CVE-2013-0314 issue affects JBoss Enterprise Portal Platform 5.2.2 through the GateIn Portal export/import gadget, where importing Zip files did not properly require authentication. This allowed remote attackers to modify site contents, delete sites, or alter portlet access controls. Red Hat ...
CVE-2013-0314
The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets...
CVE-2012-3532
CVE-2012-3532 is a CSRF vulnerability in the GateIn Portal component of JBoss Enterprise Portal Platform 5.2.2 and earlier. The issue could allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, with potential partial confidentiality, integrity, and availa...