41 matches found
Liferay Portal和Liferay DXP 安全漏洞
Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
EUVD-2006-4364
Malware in sbrugna...
EUVD-2012-1243
Malware in sbrugna...
EUVD-2008-7131
Malware in sbrugna...
EUVD-2014-8388
Malware in sbrugna...
EUVD-2021-15699
Malware in sbrugna...
EUVD-2020-9306
Malware in sbrugna...
EUVD-2024-0653
Malicious code in bioql PyPI...
EUVD-2024-0723
Malicious code in bioql PyPI...
EUVD-2022-33411
Malicious code in bioql PyPI...
CVE-2025-3594
Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 34, and older unsupported versions allows remote attackers to 1 add files to arbitrary locations on the server and 2 download and...
CVE-2024-25605
The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attacke...
LibreNMS Authenticated Remote Code Execution Exploit
An authenticated attacker can create dangerous directory names on the system and alter sensitive configuration parameters through the web portal. Those two defects combined then allows to inject arbitrary OS commands inside shellexec calls, thus achieving arbitrary code execution. This module...
Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page
Cross-site scripting XSS vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted...
CVE-2024-26266
Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary...
CVE-2022-45320
Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote authenticated users to become the owner of a wiki page by editing the wiki page...
Vulnerabilities fixed in Liferay Portal and DXP
Liferay has fixed vulnerabilities in Portal and DXP. A malicious party could exploit the vulnerabilities to perform of cross-site scripting XSS attacks. Such attacks can lead to execution of script code in the context of the victim's browser, or access sensitive data in the context of the browser...
CVE-2023-42627
Multiple stored cross-site scripting XSS vulnerabilities in the Commerce module in Liferay Portal 7.3.5 through 7.4.3.91, and Liferay DXP 7.3 update 33 and earlier, and 7.4 before update 92 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a 1...
Vulnerabilities fixed in Forcepoint Cloud Security Gateway
Forcepoint has fixed vulnerabilities in the Login Portal of Cloud Security Gateway and underlying tooling such as Web Security Gateway and Email Security Gateway. An unauthenticated malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack typically...
CVE-2018-1712
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370...