Lucene search
K

42 matches found

CNNVD
CNNVD
added 2022/09/22 12:0 a.m.6 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

6.5CVSS6.5AI score0.00569EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/09/22 12:0 a.m.6 views

PT-2022-24434 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.12 through 7.4.3.36 Liferay DXP 7.4 update 8 through 36 Description: The Translation module does not check permissions before allowing a user to export a web content for translation. This allows attackers to...

6.5CVSS6.3AI score0.00569EPSS
Exploits0References12
NVD
NVD
added 2018/03/01 11:29 p.m.20 views

CVE-2017-6930

In Drupal versions 8.4.x versions before 8.4.5 when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node...

8.1CVSS7.9AI score0.0131EPSS
Exploits0References1
CVE
CVE
added 2018/03/01 10:0 p.m.129 views

CVE-2017-6930

Summary (grounded): CVE-2017-6930 affects Drupal 8.4.x prior to 8.4.5 where, on multilingual sites using node access controls, the untranslated node is incorrectly treated as the default fallback for access queries. This can enable an access bypass. The issue is limited to sites that use the Cont...

8.1CVSS7.7AI score0.0131EPSS
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2011/11/10 12:0 a.m.37 views

Drupal String Overrides Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vulnerability Report Reported to Vendor: March 16, 2011 15:25 EST Description of Vulnerability: - ----------------------------- Drupal http://drupal.org is a robust content management system CMS written in PHP and MySQL. The Drupal String Overrides...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2009/02/04 12:0 a.m.11 views

FreeBSD : drupal -- multiple vulnerabilities (6d85dc62-f2bd-11dd-9f55-0030843d3802)

Drupal Team reports : The Content Translation module for Drupal 6.x enables users to make a translation of an existing item of content a node. In that proces the existing node's content is copied into the new node's submission form. The module contains a flaw that allows a user with the 'translat...

5.6AI score
Exploits0References2
NVD
NVD
added 2009/02/02 7:30 p.m.14 views

CVE-2009-0382

Unspecified vulnerability in Internationalization i18n Translation 5.x before 5.x-2.5, a module for Drupal, allows remote attackers with "translate node" permissions to bypass intended access restrictions and read unpublished nodes via unspecified vectors...

4.3CVSS6.6AI score0.01105EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2007/11/07 12:0 a.m.39 views

GLSA-200711-05 : SiteBar: Multiple issues

"The remote host is affected by the vulnerability described in GLSA-200711-05 SiteBar: Multiple issues Tim Brown discovered these multiple issues: the translation module does not properly sanitize the value to the 'dir' parameter CVE-2007-5491, CVE-2007-5694 %NASLMINLEVEL 70300 C Tenable Network...

9CVSS5.5AI score0.07563EPSS
Exploits5References7
Gentoo Linux
Gentoo Linux
added 2007/11/06 12:0 a.m.42 views

SiteBar: Multiple issues

Background SiteBar is a PHP application that allows users to store their bookmarks on a web server. Description Tim Brown discovered these multiple issues: the translation module does not properly sanitize the value to the "dir" parameter CVE-2007-5491, CVE-2007-5694; the translation module also...

9CVSS7AI score0.07563EPSS
Exploits5
UbuntuCve
UbuntuCve
added 2007/10/29 8:46 p.m.31 views

CVE-2007-5694

Absolute path traversal vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter, a different vulnerability than CVE-2007-5491...

6.8CVSS5.9AI score0.07563EPSS
Exploits1References1
Prion
Prion
added 2007/10/29 8:46 p.m.18 views

Path traversal

Absolute path traversal vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter, a different vulnerability than CVE-2007-5491...

6.8CVSS6.2AI score0.07563EPSS
Exploits2References10Affected Software1
NVD
NVD
added 2007/10/29 8:46 p.m.21 views

CVE-2007-5693

Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...

6CVSS7.2AI score0.04938EPSS
Exploits1References10
UbuntuCve
UbuntuCve
added 2007/10/29 8:46 p.m.31 views

CVE-2007-5693

Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...

6CVSS6.2AI score0.04938EPSS
Exploits1References1
Cvelist
Cvelist
added 2007/10/29 8:0 p.m.23 views

CVE-2007-5694

Absolute path traversal vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter, a different vulnerability than CVE-2007-5491...

6AI score0.07563EPSS
Exploits1References10
Cvelist
Cvelist
added 2007/10/29 8:0 p.m.35 views

CVE-2007-5693

Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...

7.1AI score0.04938EPSS
Exploits1References10
CVE
CVE
added 2007/10/29 8:0 p.m.80 views

CVE-2007-5693

SiteBar 3.3.8 contains an eval-injection vulnerability in the translation module (translator.php) that allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action (CVE-2007-5693). Evidence across multiple advisories (Debian DSA-1423-1, GLSA, and OSS...

6CVSS7.1AI score0.04938EPSS
Exploits1References10Affected Software1
Packet Storm
Packet Storm
added 2007/10/22 12:0 a.m.42 views

NDSA20071016.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nth Dimension Security Advisory NDSA20071016 Date: 16th October 2007 Author: Tim Brown URL: / Product: SiteBar 3.3.8 Vendor: Ondřej Brablc, David Szego and SiteBar Team Risk: High Summary This advisory comes in 4 related parts: 1 SiteBar application h...

9CVSS6.3AI score0.02341EPSS
Exploits2
Prion
Prion
added 2007/10/17 7:17 p.m.17 views

Code injection

Static code injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the value parameter...

4.6CVSS7.3AI score0.01395EPSS
Exploits1References11Affected Software1
Prion
Prion
added 2007/10/17 7:17 p.m.23 views

Directory traversal

Directory traversal vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang parameter...

9CVSS6.3AI score0.02341EPSS
Exploits1References8Affected Software1
UbuntuCve
UbuntuCve
added 2007/10/17 7:17 p.m.32 views

CVE-2007-5491

Directory traversal vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang parameter...

9CVSS6.1AI score0.02341EPSS
Exploits1References1
Rows per page
Query Builder