52 matches found
SUSE CVE-2011-4085
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allows remote attackers to bypass authentication ...
Apache Jetspeed-2 Input Validation Error Vulnerability
Apache Jetspeed-2 is a very open and customizable portal platform from the Apache USA Foundation. Apache Jetspeed-2 suffers from an input validation error vulnerability that stems from Apache Jetspeed-2 failing to adequately filter untrusted user input by default, which can be exploited by an...
Information Leakage Vulnerability in Intensive Intelligent Portal Platform of TORS Information Technology Co.
TORS Information Technology Co., Ltd. mainly provides general platform products, industry application solutions and data services for key industry markets, such as government, media, security, finance, enterprise, intellectual property, publishing and net credit. Intensive Intelligen...
Job Portal Platform 1.0 - SQL Injection
Job Portal Platform 1.0 - SQL Injection Exploit Title: Job Portal 1.0 - SQL Injection Dork: N/A Date: 2019-01-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://ocsolutions.co.in/ Software Link: https://codecanyon.net/item/job-portal-platform-a-complete-job-portal-website/21916934 Version: 1...
Job Portal Platform 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications...
Important: Red Hat Security Advisory: JBoss Enterprise Portal Platform 5.2.2 security update
An update for the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 that fixes two security issues is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base...
Design/Logic Flaw
jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to...
CVE-2011-4580
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2011-2941
Open redirect vulnerability in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the initialURI parameter...
CVE-2011-4580
CVE-2011-4580 affects Red Hat JBoss Enterprise Portal Platform prior to 5.2.0. The issue is multiple XSS vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, potentially leading to script execution in the victim’s portal session. The provided...
CVE-2011-2941
The CVE-2011-2941 entry describes an open redirect vulnerability in Red Hat JBoss Enterprise Portal Platform before 5.2.0. The flaw allows remote attackers to redirect users to arbitrary websites and conduct phishing via a URL supplied in the initialURI parameter. Affected product is JBoss Enterp...
JBoss Enterprise Portal Platform 5.2.2 Security Update (RHSA-2013-0141)
Binary data redhat-RHSA-2013-0141.nbin...
Important: Red Hat Security Advisory: apache-cxf security update
An update for the Apache CXF component of JBoss Portal Platform 6.0.0 which fixes two security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base...
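JBoss Enterprise Portal GateIn Portal XML Parsing Arbitrary File Read Vulnerability
CVE ID: CVE-2013-0315 JBoss Enterprise Portal Platform is a platform for building and managing dynamic websites. The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform has a vulnerability that can lead to an XML external entity attack. If the XML supplied to the import gadget contains an external XML entity, that entity is resolved, and a remote attacker with access to the import gadget can exploit this vulnerability to read arbitrary files in the context of the user running the application server. 0 JBoss Enterprise Portal Platform 5.2.2 Vendor solution...
JBoss Enterprise Portal GateIn Portal Unauthenticated Site Import Vulnerability
CVE ID: CVE-2013-0314 JBoss Enterprise Portal Platform is a platform for building and managing dynamic websites. The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform does not perform proper validation checks when importing Zip files, allowing remote attackers to exploit the vulnerability to modify site content, delete the site, or modify the access controls applied to portlets in the site. 0 JBoss Enterprise Portal Platform 5.2.2 Vendor solution: Users can refer to the following vendor security advisory for patch information:...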
CVE-2013-0314
The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets...
CVE-2012-3532
Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2013-0315
The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 is vulnerable to an XML External Entity (XXE) attack via a crafted external XML entity in an XML document, enabling remote attackers to read arbitrary files on the server. Root cause: improper XML parsing in the Gate...