14 matches found
EUVD-2011-1504
Malware in sbrugna...
EUVD-2008-0903
Malware in sbrugna...
CVE-2011-1503
The XSL Content portlet in Liferay Portal Community Edition CE 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary 1 XSL and 2 XML files via a file:/// URL...
GHSA-RPJ9-PC39-H8J8 Liferay Portal vulnerable to arbitrary command injection
Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition CE 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors...
Liferay Portal vulnerable to arbitrary command injection
Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition CE 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors...
Directory Traversal
Liferay portal is vulnerable to directory traversal.XSL content portlet paths for XSL and XML content is not validated and allows a remote attacker to retrieve system files by submitting file:/// in the URL...
Liferay XSL - Command Execution
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' require 'activesupport/json'...
Liferay XSL Command Execution
Exploit for windows platform in category remote exploits $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
CVE-2011-1571
Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition CE 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors...
Code injection
Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition CE 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors...
CVE-2011-1503
The CVE-2011-1503 issue affects Liferay Portal Community Edition (CE) 5.x and 6.x prior to 6.0.6 GA. The XSL Content portlet allows remote authenticated users to read arbitrary XSL and XML files via a file:/// URL, indicating an information disclosure vulnerability within the portlet when deploye...
CVE-2011-1571
Summary: CVE-2011-1571 affects the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA when used with Apache Tomcat . The vulnerability is described as an unspecified vulnerability that allows remote attackers to execute arbitrary commands via unknown vectors....
Design/Logic Flaw
BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions...
CVE-2008-0896
BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions...