CVE-2025-43784

CVE-2025-43784 affects Liferay Portal (7.4.0–7.4.3.124) and Liferay DXP (2024.Q2.0–2024.Q2.8, 2024.Q1.1–2024.Q1.12, and 7.4 GA through update 92). Root cause: improper access control allowing guest users to view object entries via API Builder. Impact: exposure of object entries information (confi...

CVE-2024-45279

Due to insufficient input validation, CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL link which could embed a malicious JavaScript. When a victim clicks on this link, the script will be executed in the victim'...

CVE-2024-47818 Logged-in users with any role can delete arbitrary files in @saltcorn/server

Saltcorn is an extensible, open source, no-code database application builder. A logged-in user with any role can delete arbitrary files on the filesystem by calling the sync/cleansyncdir endpoint. The dirname POST parameter is not validated/sanitized and is used to construct the syncDir that is...

CVE-2019-11397

GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 when used with .NET Framework 4.5 allows Local File Inclusion via the FileDesc parameter...

CVE-2019-11397

The CVE-2019-11397 issue affects Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 when used with .NET Framework 4.5. The GetFile.aspx handler exposes a Local File Inclusion (LFI) vulnerability via the FileDesc parameter, enabling an attacker to access local files. Impact is documented as ...

PT-2019-12282 · Microsoft +1 · .Net Framework +1

Name of the Vulnerable Software and Affected Versions: Rapid4 RapidFlows Enterprise Application Builder version 4.5M.23 Description: The issue allows for Local File Inclusion via the FileDesc parameter in the GetFile.aspx file. This can be exploited when the software is used with .NET Framework...

Builder for Clash of Clans - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Builder for Clash of Clans published at the 'play' market has multiple vulnerabilities...

Oracle Application Express (Apex) CVE-2010-0076

An unspecified vulnerability in version 3.2.1 of the Application Express Application Builder component of Oracle Database allows remote, authenticated users to affect confidentiality, integrity, and availability via unpublished vectors...

Design/Logic Flaw

Unspecified vulnerability in the Application Express Application Builder component in Oracle Database 3.2.1.00.10 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors...

CVE-2010-0076

Unspecified vulnerability in the Application Express Application Builder component in Oracle Database 3.2.1.00.10 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors...

CVE-2010-0076

CVE-2010-0076 affects Oracle Database 3.2.1.00.10 (Application Express Application Builder). An unspecified vulnerability allows remote, authenticated attackers to impact confidentiality, integrity, and availability via unpublished vectors. CVSS 2.0 base score 6.0 (Network, Medium complexity, sin...