Liferay version 6.1 is vulnerable to JSON-related cross site request forgery attacks. Proof of concept code is included.
f0c48ee96cb75fd2a8d5d59f4b09ac01709712a9b3fbfe5a377400b30d006239Liferay version 6.1 suffers from a vulnerability where it is possible to retrieve the names and email addresses of all users. Proof of concept code included.
ffa34db28244865608548350015903d37722b844554e14ccaf7d8347188e784aLiferay versions 5.x and 6.x suffer from multiple cross site scripting vulnerabilities.
34af56ed2e0c1df197bdb004a38aeb7ac850fd1cbd8725029cf4808908941dcbLiferay version 6.1 suffers from a circumvention issue when restricting access to ip blocks. Proof of concept exploit included.
6619bfbbf1dbfa7eb563e65bcabfac916b63c4ac1431da326cb548fddb4f5fddLiferay Portal suffers from a privilege escalation issue due to an insufficient permissions check in the updateOrganizations method of UserService.
4c1ad3c260bfe325b9aead7258ea230d32d644be3b58cca2627419a584adc85bBy creating a specially crafted webdav request that contains an external entity it is possible to read files from Liferay Portal version 6.0.5 ce. Proof of concept code included.
3cd00ba5d2fefa08a9eafaa941c8ee4bdbf23dae39cb2ccf5da00cbf88d064e4By utilizing the json webservices exposed in Liferay Portal version 6.1 you can register a new user with any role in the system, including the built in administrator role. Proof of concept included.
3f6c3c5b9e5e27e968adbe87afc167aa13e200b89a6647cbde10d03c9a021bacLiferay Portal suffers from a takeover vulnerability due to a single HTTP request allowing an attacker to reconfigure which memcached to use. Proof of concept code included. Version 6.1 ce is confirmed vulnerable.
52363e44fb0da67d9da2ef19c482ca115b0e60ea50da8776e953b5d028b5ea91The URI handler for WinSCP version 3.8.1 allows for extra command line switches to be passed to SCP.
828f6a1d625baa6b089084557ae53093b56cdfd9c41d34af1a786a83a1bd1ea7Microsoft cabarc suffers from a directory traversal attack.
0da1c6998a5f13827d20d84f85aa434f414f8be738cf5bc9a90c1282bc3e1d21Version 6 of Adobe Acrobat has an issue with the way it handles embedding macromedia flash files directly into a pdf. This allows a malicious website operator to steal local files from a user's hard drive including cookie files.
74b47a75453d9dc65dbc5539bba536659320db15cce3b64be03a8b121edc9ce0Some bits of code that show how modified URL encoding can easily bypass restricted zones via Microsoft Internet Explorer.
969ea80d5ad83d70772c9700ecf916fdc2e3c5a210e6edf42c960f36f4150530Complete analysis of the 180 Solutions trojan along with exploitation tools that demonstrate at least two new unpublished vulnerabilities in Microsoft Internet Explorer 6 that allow for arbitrary code execution.
633228ca6454a639b5fda36a2efc9fdfa8547bf3667c82b69a3a87a882a0b6d0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed