12 matches found
EUVD-2022-44607
Malicious code in bioql PyPI...
GHSA-FVX2-X7FF-FC56 Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint
Summary: An unauthenticated information disclosure vulnerability exists in the PSU deployment of HAX CMS via the haxPsuUsage API endpoint. This allows any remote unauthenticated user to retrieve a full list of PSU websites hosted on HAX CMS. When chained with other authorization issues e.g., HAX-3...
CVE-2024-25146
Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the...
Plone Security Vulnerability
Plone is an open source content management system (CMS) built on the Zope application server. A security vulnerability exists in Plone version v6.0.9, which stems from improper access control and allows an attacker to view and enumerate all files hosted on the site by sending a specially crafted...
GHSA-MQF8-4CQM-P83X Liferay Portal allows attackers to discover the existence of sites
Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the...
Design/Logic Flaw
Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the...
CVE-2024-25146
CVE-2024-25146 affects Liferay Portal 7.2.0–7.4.1 and older unsupported versions, and Liferay DXP 7.3 before SP3, and 7.2 before FP18. The issue arises when locale.prepend.friendly.url.style=2 is set and a custom 404 page is used, causing the app to return different responses based on whether a s...
CVE-2024-25146
Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the...
Liferay Portal and Liferay DXP Security Vulnerabilities
Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social networking, etc. Liferay...
Liferay Portal Security Vulnerability
Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. A security vulnerability exists in Liferay Portal versions...
Apache HTTP Server Site Enumeration
Binary data apachehttpserverenumsites.nbin...
Apache Tomcat Site Enumeration
Binary data apachetomcatenumsites.nbin...