42 matches found
Liferay Portal和Liferay DXP 安全漏洞
Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
PT-2022-24434 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.12 through 7.4.3.36 Liferay DXP 7.4 update 8 through 36 Description: The Translation module does not check permissions before allowing a user to export a web content for translation. This allows attackers to...
CVE-2017-6930
In Drupal versions 8.4.x versions before 8.4.5 when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node...
CVE-2017-6930
Summary (grounded): CVE-2017-6930 affects Drupal 8.4.x prior to 8.4.5 where, on multilingual sites using node access controls, the untranslated node is incorrectly treated as the default fallback for access queries. This can enable an access bypass. The issue is limited to sites that use the Cont...
Drupal String Overrides Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vulnerability Report Reported to Vendor: March 16, 2011 15:25 EST Description of Vulnerability: - ----------------------------- Drupal http://drupal.org is a robust content management system CMS written in PHP and MySQL. The Drupal String Overrides...
FreeBSD : drupal -- multiple vulnerabilities (6d85dc62-f2bd-11dd-9f55-0030843d3802)
Drupal Team reports : The Content Translation module for Drupal 6.x enables users to make a translation of an existing item of content a node. In that proces the existing node's content is copied into the new node's submission form. The module contains a flaw that allows a user with the 'translat...
CVE-2009-0382
Unspecified vulnerability in Internationalization i18n Translation 5.x before 5.x-2.5, a module for Drupal, allows remote attackers with "translate node" permissions to bypass intended access restrictions and read unpublished nodes via unspecified vectors...
GLSA-200711-05 : SiteBar: Multiple issues
"The remote host is affected by the vulnerability described in GLSA-200711-05 SiteBar: Multiple issues Tim Brown discovered these multiple issues: the translation module does not properly sanitize the value to the 'dir' parameter CVE-2007-5491, CVE-2007-5694 %NASLMINLEVEL 70300 C Tenable Network...
SiteBar: Multiple issues
Background SiteBar is a PHP application that allows users to store their bookmarks on a web server. Description Tim Brown discovered these multiple issues: the translation module does not properly sanitize the value to the "dir" parameter CVE-2007-5491, CVE-2007-5694; the translation module also...
CVE-2007-5694
Absolute path traversal vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter, a different vulnerability than CVE-2007-5491...
Path traversal
Absolute path traversal vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter, a different vulnerability than CVE-2007-5491...
CVE-2007-5693
Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...
CVE-2007-5693
Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...
CVE-2007-5694
Absolute path traversal vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter, a different vulnerability than CVE-2007-5491...
CVE-2007-5693
Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...
CVE-2007-5693
SiteBar 3.3.8 contains an eval-injection vulnerability in the translation module (translator.php) that allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action (CVE-2007-5693). Evidence across multiple advisories (Debian DSA-1423-1, GLSA, and OSS...
NDSA20071016.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nth Dimension Security Advisory NDSA20071016 Date: 16th October 2007 Author: Tim Brown URL: / Product: SiteBar 3.3.8 Vendor: Ondřej Brablc, David Szego and SiteBar Team Risk: High Summary This advisory comes in 4 related parts: 1 SiteBar application h...
Code injection
Static code injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the value parameter...
Directory traversal
Directory traversal vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang parameter...
CVE-2007-5491
Directory traversal vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang parameter...