
CVSS: 3.5 | EPSS: 0% | CPEs: 15 | EXPL: 0

Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA allows remote authenticated users to inject arbitrary web script or HTML via a blog title.

References:
• http://issues.liferay.com/browse/LPS-11506
• http://issues.liferay.com/browse/LPS-12145
• http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952
• http://openwall.com/lists/oss-security/2011/03/29/1
• http://openwall.com/lists/oss-security/2011/04/08/5
• http://openwall.com/lists/oss-security/2011/04/11/9

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 | EPSS: 1% | CPEs: 1 | EXPL: 3

download.aspx in Douran Portal 3.9.7.8 allows remote attackers to obtain source code of arbitrary files under the web root via (1) a trailing ".", (2) a trailing space, or (3) mixed case in the FileNameAttach parameter.

References:
• https://www.exploit-db.com/exploits/17011
• http://osvdb.org/71250
• http://secunia.com/advisories/43792
• http://securityreason.com/securityalert/8180
• http://soroush.secproject.com/blog/2011/01/unrestricted_file_download_v1_0
• http://www.exploit-db.com/exploits/17011
• http://www.securityfocus.com/archive/1/517085/100/0/threaded
• http://www.securityfocus.com/bid/46927
• https://exchange.xforce.ibmcloud.com/vulnerabilities/66177

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.3 | EPSS: 1% | CPEs: 2 | EXPL: 1

Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter. NOTE: this issue reportedly exists because of a regression that followed a fix at an unspecified earlier date.

References:
• https://www.exploit-db.com/exploits/30774
• http://osvdb.org/38702
• http://secunia.com/advisories/27537
• http://secunia.com/advisories/34714
• http://securityreason.com/securityalert/3379
• http://www.procheckup.com/Vulnerability_PR07-02.php
• http://www.securityfocus.com/archive/1/483777/100/0/threaded
• http://www.securityfocus.com/bid/26470
• http://www.securitytracker.com/id?1022063
• http://www.vupen.com/english/advisories/2009/1048
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38503

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

SQL injection vulnerability in default.asp in Okul Otomasyon Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

References:
• https://www.exploit-db.com/exploits/4539
• http://secunia.com/advisories/27268
• http://www.securityfocus.com/bid/26094
• https://exchange.xforce.ibmcloud.com/vulnerabilities/37237

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.8 | EPSS: 5% | CPEs: 1 | EXPL: 1

PHP remote file inclusion vulnerability in index.php in ViperWeb Portal alpha 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the modpath parameter.

References:
• https://www.exploit-db.com/exploits/29744
• http://osvdb.org/34310
• http://securityreason.com/securityalert/2449
• http://www.securityfocus.com/archive/1/462930/100/0/threaded
• http://www.securityfocus.com/bid/22979
• https://exchange.xforce.ibmcloud.com/vulnerabilities/33034