2483 matches found
Liferay CE Portal 6.0.2 - Remote Command Execution
Liferay CE Portal 6.0.2 - Remote Command Execution Exploit Title: Liferay CE Portal 6.0.2 - Remote Command Execution Google Dork: N/A Date: 2020-01-29 Exploit Author: Berk Dusunur Vendor Homepage: https://www.liferay.com/ Software Link:...
Liferay CE Portal 6.0.2 - Remote Command Execution
Exploit Title: Liferay CE Portal 6.0.2 - Remote Command Execution Google Dork: N/A Date: 2020-01-29 Exploit Author: Berk Dusunur Vendor Homepage: https://www.liferay.com/ Software Link: https://sourceforge.net/projects/lportal/files/Liferay%20Portal/6.0.2/...
CVE-2020-7934
In Liferay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload wi...
Cross site scripting
In Liferay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload wi...
CVE-2019-15583
An information disclosure exists in 12.3.2, 12.2.6, and 12.1.12 for GitLab Community Edition CE and Enterprise Edition EE. When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API...
CVE-2019-15586
An XSS exists in GitLab CE/EE 12.1.10 in the Mermaid plugin...
CVE-2019-5466
An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed the new merge requests endpoint to disclose label names...
CVE-2019-15578
An information disclosure exists in 12.3.2, 12.2.6, and 12.1.12 for GitLab Community Edition CE and Enterprise Edition EE. The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests...
CVE-2019-5466
Technical details about CVE-2019-5466 are not publicly provided in the connected documents. Monitor for updates from vendors (GitLab, Red Hat, Ubuntu, Debian, CVE List) for affected versions, impact, and remediation.
CVE-2019-15582
An IDOR was discovered in 12.3.2, 12.2.6, and 12.1.12 for GitLab Community Edition CE and Enterprise Edition EE that allowed a maintainer to add any private group to a protected environment...
CVE-2019-5465
An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID...
CVE-2019-5465
CVE-2019-5465 affects GitLab CE/EE 8.14 and later. The issue is an information disclosure in the move issue feature that could disclose the newly created issue ID. The connected documents confirm the vulnerability description across multiple sources, but do not provide concrete remediation detail...
CVE-2019-15583
CVE-2019-15583 affects GitLab Community Edition (CE) and Enterprise Edition (EE) through versions earlier than 12.3.2, 12.2.6, and 12.1.12, where moving an issue from a private project to a public project discloses private labels and the private project namespace via the GitLab API. The underlyin...
CVE-2019-5464
CVE-2019-5464 affects GitLab CE/EE 10.2 and later due to a flawed DNS rebinding protection in lib/gitlab/url_blocker.rb, which can result in SSRF when the library is used. The issue can allow an attacker to trigger requests to the local/internal network (e.g., via webhooks), with high impact (net...
CVE-2019-15586
CVE-2019-15586 is a cross-site scripting vulnerability in the GitLab Mermaid plugin for GitLab CE/EE, affecting versions prior to 12.1.10. The root cause is insufficient validation of client-side data, enabling an attacker to execute arbitrary client-side scripts within affected instances. Practi...
CVE-2019-15586
Removed by vendor...
Security Bulletin: A security vulnerability has been identified in OpenCV shipped with PowerAI
Summary Multiple Vulnerabilities CVE-2019-14493, CVE-2019-14492 and CVE-2019-14491 were found in OpenCV package. Vulnerability Details CVEID: CVE-2019-14493 DESCRIPTION: An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at...
openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2020-45)
This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Security issue fixed: - CVE-2019-16884: Fixed incomplete patch for LSM bypass via malicious Docker image that mounts over a /proc directory bsc1152308. Bug fixes: - Update to Docker...
openSUSE: Security Advisory for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork (openSUSE-SU-2020:0045-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...