CVE-2019-0186

Apache Pluto Chat Room Demo Portlet vulnerability CVE-2019-0186 is a Cross-Site Scripting (XSS) issue in versions 3.0.0 and 3.0.1. Attackers can inject HTML into the Name/Message fields, which is reflected in the page. Mitigation: uninstall the ChatRoomDemo WAR or upgrade to version 3.1.0. No exp...

Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting

Exploit Title: Stored XSS Date: 25-04-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://portals.apache.org/pluto Software Link: https://portals.apache.org/pluto/download.html Version: 3.0.0, 3.0.1 Tested on: Ubuntu 16.04 LTS CVE: CVE-2019-0186 References:...

Apache Pluto 3.0.0 3.0.1 - Persistent Cross-Site Scripting

Apache Pluto 3.0.0 3.0.1 - Persistent Cross-Site Scripting Exploit Title: Stored XSS Date: 25-04-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://portals.apache.org/pluto Software Link: https://portals.apache.org/pluto/download.html Version: 3.0.0, 3.0.1 Tested on: Ubuntu 16.04 LTS CVE...

Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting Vulnerability

Exploit for java platform in category web applications Exploit Title: Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting Vulnerability Exploit Author: Dhiraj Mishra Vendor Homepage: https://portals.apache.org/pluto Software Link: https://portals.apache.org/pluto/download.html Version:...

Apache Pluto 3.0.0 / 3.0.1 Cross Site Scripting

Exploit Title: Stored XSS Date: 25-04-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://portals.apache.org/pluto Software Link: https://portals.apache.org/pluto/download.html Version: 3.0.0, 3.0.1 Tested on: Ubuntu 16.04 LTS CVE: CVE-2019-0186 References:...

Apache Portals Pluto 3.0.0 - Remote Code Execution Exploit

Exploit for windows platform in category web applications Exploit Title: Apache Portals Pluto 3.0.0 - Remote Code Execution Exploit Author: Che-Chun Kuo Vendor Homepage: https://portals.apache.org/pluto/ Software Link: http://archive.apache.org/dist/portals/pluto/ Version: 3.0.0 Tested on: Window...

Apache Portals Pluto 3.0.0 - Remote Code Execution

Exploit Title: Apache Portals Pluto 3.0.0 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://portals.apache.org/pluto/ Software Link: http://archive.apache.org/dist/portals/pluto/ Version: 3.0.0 Tested on: Windows Advisory:...

Apache Portals Pluto 3.0.0 - Remote Code Execution

Apache Portals Pluto 3.0.0 - Remote Code Execution Exploit Title: Apache Portals Pluto 3.0.0 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://portals.apache.org/pluto/ Software Link: http://archive.apache.org/dist/portals/pluto/ Version: 3.0.0 Tested...

Apache Pluto Information Disclosure Vulnerability

Apache Pluto is the United States Apache Apache Software Foundation set of Portlet container runtime environment. An information disclosure vulnerability exists in the PortletV3AnnotatedDemo Multipart Portlet war file code in Apache Pluto version 3.0.0, which stems from the program's failure to...

Design/Logic Flaw

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...

CVE-2018-1306

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...

CVE-2018-1306

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...

CVE-2018-1306

Apache Pluto (Portals Pluto) 3.0.0, specifically the PortletV3AnnotatedDemo Multipart Portlet WAR, is affected. The root cause is failure to restrict path information during file uploads, leading to information disclosure of configuration data and other sensitive files. The CVE-2018-1306 entry in...