8 matches found
CVE-2020-37071
CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution by exploiting the plugin's vCard download...
CVE-2020-37071 CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution
CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution by exploiting the plugin's vCard download...
CVE-2025-43824
The Profile widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the “Content-Disposition” header, which allows...
CVE-2025-43824
The CVE-2025-43824 affects the Profile widget in Liferay Portal 7.4.0–7.4.3.111 (and older unsupported versions) and Liferay DXP 2023.Q3–2023.Q4 and 7.4 GA up to update 92. The root cause is a user name being included in the Content-Disposition header, allowing remote authenticated users to chang...
CVE-2025-43824
The Profile widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the “Content-Disposition” header, which allows...
CVE-2025-43824
The Profile widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the “Content-Disposition” header, which allows...
PT-2025-40950
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.8 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Liferay Portal 7.4 GA through update 92 Description The Profile widget is susceptible to a...
Achievo 1.4.3 - Multiple Web Vulnerabilities
No description provided by source. Title: ====== Achievo v1.4.3 - Multiple Web Vulnerabilities Date: ===== 2012-01-30 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=403 VL-ID: ===== 403 Introduction: ============= Achievo is a flexible web-based resource management too...