262 matches found
CVE-2012-10042
CVE-2012-10042 affects Sflog! CMS 1.0 via an authenticated file-upload vulnerability in the blog management interface (manage.php). With default credentials (admin:secret), authenticated users can upload files to blogs/download/uploads/, where the upload validation is insufficient, enabling a PHP...
CVE-2025-4576
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.133, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows an...
CVE-2025-4576
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.133, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows an...
CVE-2025-4576
CVE-2025-4576 describes a reflected XSS in Liferay Portal 7.4.0–7.4.3.133 and Liferay DXP versions listed (various 2024/Qx and 2025/Q1 ranges, up to 7.4 GA with update 92). The vulnerability allows a remote, non-authenticated attacker to inject JavaScript into the page at modules/apps/blogs/blogs...
PT-2025-32363
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.133 Liferay DXP versions 2025.Q1.0 through 2025.Q1.4 Liferay DXP versions 2024.Q4.0 through 2024.Q4.7 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q2.0 through 2024.Q2....
Liferay Portal 7.4.0.x <= 7.4.3.132 Multiple Vulnerabilities
The version of Liferay Portal installed on the remote host is 7.4.x = 7.4.3.132. It is, therefore, affected by multiple vulnerabilities: - A reflected cross-site scripting XSS vulnerability in the Liferay Portal allows an remote non-authenticated attacker to inject JavaScript into the...
Exploit for CVE-2014-7911
Security-Data-Analysis-and-Visualization 2018-2020青年安全圈-活跃技术博主/博客 声明 所有数据均来自且仅来自公开信息,未加入个人先验知识,如有疑义,请及时联系[email protected]。 公开这批数据是为了大家一起更快更好地学习,请不要滥用这批数据,由此引发的问题,本人将概不负责。 对这批数据的分析文章首发在个人微信公众号,原文为:我分析了2018-2020年青年安全圈450个活跃技术博客和博主,转载请联系作者。 Why - 最初目的:个人日常安全阅读资源不足,需要从博客、Github、Twitter等多个数据源补充。 -...
CVE-2021-38267
Cross-site scripting XSS vulnerability in the Blogs module's edit blog entry page in Liferay Portal 7.3.2 through 7.3.6, and Liferay DXP 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the comliferayblogswebportletBlogsAdminPortlettitle and...
CVE-2012-6104
blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed...
CVE-2010-1082
Multiple directory traversal vulnerabilities in OI.Blogs 1.0.0, when magicquotesgpc is disabled, allow remote attackers to read arbitrary files via directory traversal sequences in the 1 theme parameter to loadStyles.php and the 2 scripts parameter to javascript/loadScripts.php. NOTE: the...
CVE-2025-27751
creationtimestamp| type| source ---|---|--- 2025-04-08 16:14:25+00:00| seen| https://www.thezdi.com/blog/2025/4/8/the-april-2025-security-update-review 2025-04-09 07:18:23+00:00| seen| https://poliverso.org/objects/0477a01e-45bed739-4cf70d274d3babdb 2025-06-16 21:02:26+00:00| seen|...
CVE-2025-0451
creationtimestamp| type| source ---|---|--- 2025-02-04 18:57:16+00:00| seen| https://infosec.exchange/users/cve/statuses/113947144092757130 2025-02-04 19:05:24+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113947176087524263 2025-02-04 19:15:53+00:00| seen|...
A Bootiful Podcast: the amazing K. Siva Prasad Reddy (SivaLabs)
Hi, Spring fans! In today's installment I talk to industry legend K. Siva Prasad Reddy @sivalabs. You've probably read one of his blogs. I know I have!...
CVE-2024-38203
creationtimestamp| type| source ---|---|--- 2024-11-12 17:55:50+00:00| seen| https://infosec.exchange/users/cve/statuses/113471268438576919 2024-11-12 18:26:35+00:00| seen| https://www.thezdi.com/blog/2024/11/12/the-november-2024-security-update-review...
CVE-2024-38217
creationtimestamp| type| source ---|---|--- 2024-09-10 17:25:32+00:00| seen| https://www.thezdi.com/blog/2024/9/10/the-september-2024-security-update-review 2024-09-11 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1368 2024-09-11 09:47:58+00:00| exploited|...
Squid Proxy Range Header Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Squid Proxy Range Header DoS', 'Description' = %q The range handler in The Squid Caching Proxy Server 3.0-4.1.4 and 5.0.1-5.0.5 suffers from...
blogs.nalsar.ac.in Improper Access Control vulnerability OBB-3959112
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-38037
creationtimestamp| type| source ---|---|--- 2024-04-18 16:45:00+00:00| seen| https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html 2024-12-19 18:03:00+00:00| seen| https://googleprojectzero.blogspot.com/2024/12/the-windows-registry-adventure-5-regf.html 2025-05-23...
CVE-2024-29988
creationtimestamp| type| source ---|---|--- 2024-04-09 21:41:41+00:00| exploited| https://t.me/ctinow/214562 2024-04-10 00:21:48+00:00| exploited| https://t.me/ctinow/214580 2024-04-10 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1267 2024-04-10 09:11:17+00:00| seen|...
编号撤回
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. wordPress plugin is an application plugin. This CVE number has been...