Lucene search
+L

23 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2006-1160

Malware in sbrugna...

5CVSS6.4AI score0.01273EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-1159

Malware in sbrugna...

4.3CVSS6.4AI score0.01342EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/09/17 10:46 p.m.6 views

CVE-2025-43797

In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...

5.3CVSS6.8AI score0.00231EPSS
Exploits0References1
Snyk
Snyk
added 2025/09/16 12:30 a.m.3 views

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to the default configuration of the site membership process. An attacker can gain unauthorized access to view, add, or edit site content by registering as a user and joining sites with the...

5.4CVSS6.6AI score0.00231EPSS
Exploits0References2
OSV
OSV
added 2025/09/16 12:30 a.m.5 views

GHSA-25M3-W28P-V3V3 Liferay has Insecure Default Initialization of Resource issue

In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...

5.3CVSS6.9AI score0.00231EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/09/16 12:30 a.m.6 views

Liferay has Insecure Default Initialization of Resource issue

In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...

5.4CVSS6.9AI score0.00231EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/09/15 10:15 p.m.9 views

CVE-2025-43797

In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...

5.4CVSS0.00231EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/15 9:28 p.m.1 views

CVE-2025-43797

In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...

5.3CVSS6.5AI score0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/15 9:28 p.m.10 views

CVE-2025-43797

In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...

5.3CVSS0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/15 12:0 a.m.15 views

PT-2025-37766

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.1.0 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 Liferay DXP version 2023.Q4.0 Liferay Portal 7.3 GA through update 35 Liferay Portal 7.4 GA through update 92 Description The default membership...

5.4CVSS6.5AI score0.00231EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/23 7:13 a.m.11 views

CVE-2024-25149

Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the "Limit membership to members of the parent site" option is enabled,...

5.4CVSS6.4AI score0.00333EPSS
Exploits0References1
OSV
OSV
added 2024/02/20 9:30 a.m.3 views

GHSA-QPGH-6V9W-VFV6 Liferay Portal and Liferay DXP Does Not Properly Restrict Membership to Child Site Based on Parent Site Options

Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the "Limit membership to members of the parent site" option is enabled,...

5.4CVSS6.3AI score0.00333EPSS
Exploits0References4
Veracode
Veracode
added 2022/04/20 11:43 a.m.33 views

Privilege Escalation

com.liferay.portal is vulnerable to privilege escalation. Remote authenticated attackers are able to gain access to view sensitive user information by accessing a list of sites and groups via the site membership assignment UI, due to improper validations of user permissions...

4.3CVSS5.8AI score0.00731EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2022/04/19 1:15 p.m.22 views

CVE-2022-26595

Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment UI...

4.3CVSS0.00731EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/04/19 1:15 p.m.3 views

CVE-2022-26595

Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment UI...

4.3CVSS5.8AI score0.00731EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/04/19 12:0 a.m.2 views

PT-2022-17948 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.7 through 7.4.1 Liferay DXP versions 7.2 fix pack 13 through 7.3 fix pack 2 Description: The issue arises from improper user permission checks when accessing a list of sites or groups. This allows remote...

4.3CVSS4.2AI score0.00731EPSS
Exploits0References13
CNNVD
CNNVD
added 2022/04/19 12:0 a.m.6 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

4.3CVSS5.1AI score0.00731EPSS
Exploits0References3
NVD
NVD
added 2006/03/12 8:2 p.m.18 views

CVE-2006-1155

Cross-site scripting XSS vulnerability in manas tungare Site Membership Script before 8 March, 2006 allows remote attackers to inject arbitrary web script or HTML via the Error parameter in 1 login.asp and 2 default.asp...

4.3CVSS5.7AI score0.01342EPSS
Exploits0References7
Prion
Prion
added 2006/03/12 8:2 p.m.20 views

Sql injection

SQL injection vulnerability in manas tungare Site Membership Script before 8 March, 2006 allows remote attackers to execute arbitrary SQL commands via the Username parameter in login.asp...

5CVSS9.1AI score0.01273EPSS
Exploits0References6
Cvelist
Cvelist
added 2006/03/12 8:0 p.m.23 views

CVE-2006-1155

Cross-site scripting XSS vulnerability in manas tungare Site Membership Script before 8 March, 2006 allows remote attackers to inject arbitrary web script or HTML via the Error parameter in 1 login.asp and 2 default.asp...

5.7AI score0.01342EPSS
Exploits0References7
Rows per page
Query Builder