12 matches found
CVE-2019-16914
An XSS issue was discovered in pfSense through 2.4.4-p3. In servicescaptiveportalmac.php, the username and delmac parameters are displayed without sanitization...
Cross-site Request Forgery (CSRF)
Overview com.liferay.portal:portal-service is a portal service package for Liferay. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the orderUuid parameter in the server license registration process. An attacker can register a server license without...
com.liferay.faces:liferay-faces-alloy (>=3.0.1-ga2 <=3.0.2-ga3), com.liferay.faces:liferay-faces-bridge-impl (>=3.0.0-ga1 <=3.0.5-ga6) +37 more potentially affected by CVE-2025-43809 via com.liferay.portal:portal-service (>=6.0.2 <=6.0.6)
com.liferay.portal:portal-service MAVEN version =6.0.2, =3.0.1-ga2, =3.0.0-ga1, =3.0.0-ga1, =6.0.2, =6.0.2, =6.0.2, =6.0.2, =6.0.2, =7.7.36, =7.0.0, =1.4.5.1, =0.6.0, =0.7.0, =2.4, =2.4-RC1 - org.aperteworkflow.contrib:liferay-6.0-document-provider =1.1.1 and more Source cves: CVE-2025-43809 Sour...
CVE-2025-3426
The CVE-2025-3426 entry describes lack of reverse engineering protections in Philips IntelliSpace Portal binaries, enabling discovery of hardcoded credentials. Affected products are IntelliSpace Portal 12 and earlier and Advanced Visualization Workspace 15. Technical details from connected source...
PT-2025-9115 · Dario Health · Dario Health Portal Service Application
Name of the Vulnerable Software and Affected Versions: Dario Health portal service application affected versions not specified Description: The issue allows an attacker to obtain sensitive information through a cross-site scripting XSS attack. Recommendations: At the moment, there is no informati...
au.com.permeance:liferay-clojure-integration (=0.1), br.com.thiagomoreira.liferay.plugins.bootstrap-jumbotron-app:bootstrap-jumbotron-app (>=1.0.0 <=1.0.1) +101 more potentially affected by CVE-2021-33990 via com.liferay.portal:portal-service (>=6.0.2 <=6.2.4)
com.liferay.portal:portal-service MAVEN version =6.0.2, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.0 - br.com.thiagomoreira.liferay.plugins.lorem-ipsum-button-app:hooks =1.0.0 - br.com.thiagomoreira.liferay.plugins.lorem-ipsum-button-app:lorem-ipsum-button-app =1.0.0 -...
au.com.permeance:liferay-clojure-integration (=0.1), br.com.thiagomoreira.liferay.plugins.bootstrap-jumbotron-app:bootstrap-jumbotron-app (>=1.0.0 <=1.0.1) +94 more potentially affected by CVE-2010-5327 via com.liferay.portal:portal-service (>=5.2.3 <=6.2.1)
com.liferay.portal:portal-service MAVEN version =5.2.3, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.0 - br.com.thiagomoreira.liferay.plugins.lorem-ipsum-button-app:hooks =1.0.0 - br.com.thiagomoreira.liferay.plugins.lorem-ipsum-button-app:lorem-ipsum-button-app =1.0.0 -...
DEBIAN-CVE-2021-21261
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the flatpak-portal service that can allow sandboxed applications to execute arbitrary code on the host system a sandbox escape. This sandbox-escape bug is present in versio...
Open Redirection
portal-service is vulnerable to open redirection. The vulnerability exists as the library does not properly validate some specially constructed domain names, allowing an attacker to redirect users to other malicious site using this flaw...
How to Adjust the Veeam Service Provider Console Web UI Session Timeout
Purpose This article documents how to modify the Veeam Service Provider Console configuration to adjust the Web UI timeout. The default Web UI timeout is 1 hour, and tokens are good for up to 48 hours. Solution Tip: Use the copy button in the text blocks below to simplify specifying which file to...
Cross-Site Scripting (XSS)
portal-service is vulnerable to cross-site scripting XSS. The library does not sanitize the Public Render Parameter prp value, allowing the attacker to inject arbitrary script through it...
Veeam Availability Console U1 Cumulative Patch 1850
Challenge Veeam Availability Console U1 Cumulative Patch 1850. This update supersedes Veeam Availability Console U1 Cumulative Patch 1824. Cause Please confirm you are running version 2.0.2.1750 or later prior to installing this cumulative patch 1850. You can check this under Windows Programs and...