Online Job Portal version 1.0 suffers from a persistent cross site scripting vulnerability.
d6642d1a84f86dc55e84952272e0564aHotel Booking Portal version 0.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
6681a356490ff44dcaab0358c4e61b55ESCON SupportPortal Pro version 3.0 suffers from a stored cross site scripting vulnerability.
ee476706cb8cdc19f95724419630a01bPacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
6a37889c02072ccc8a6fb731191bc477Tekno.Portal version 0.1b suffers from a remote blind SQL injection vulnerability in link.php. This version was already known to have issues with SQL injection since 2010.
577e392415ccfe6fa1824f15e00d21c4ocPortal CMS versions 7.1.5 and below are vulnerable to open URL redirection.
7a621a9b271953e210df9470cbd70e72Red Hat Security Advisory 2012-1109-01 - JBoss Application Server is the base package for JBoss Enterprise Portal Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.
fa06b75565e160f603b4610527cfa308Secunia Security Advisory - A vulnerability has been reported in Oracle Portal, which can be exploited by malicious people to manipulate certain data.
86a8b8e7cb14ebbb1b75aed3430cddb1Netsweeper Internet Filter suffers from cross site scripting and cross site request forgery vulnerabilities in the WebAdmin portal.
de90aef3bc4529cabc501848b23deaf4Secunia Security Advisory - A vulnerability has been reported in IBM WebSphere Portal, which can be exploited by malicious people to disclose potentially sensitive information.
a1705ac1be185850ed0d3ff96dca427eSecunia Security Advisory - Vulnerability Laboratory Research has reported multiple vulnerabilities in Jobs Portal, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.
45568c5f36e9197f90abd9c4cec83489PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
5d3c2d88854b1b904d2813865e82fc7fJobs Portal version 3.0 suffers from remote SQL injection and cross site scripting vulnerabilities.
6bab5326cb6d4333c2fa7a2d133be03dThis Metasploit module exploits a remote code execution vulnerability in the tsgetx71ex553.dll ActiveX control installed with Tom Sawyer GET Extension Factory due to an incorrect initialization under Internet Explorer. While the Tom Sawyer GET Extension Factory is installed with some versions of VMware Infrastructure Client, this module has been tested only with the versions installed with Embarcadero Technologies ER/Studio XE2 / Embarcadero Studio Portal 1.6. The ActiveX control tested is tsgetx71ex553.dll, version 5.5.3.238. This Metasploit module achieves DEP and ASLR bypass using the well known msvcr71.dll rop chain. The dll is installed by default with the Embarcadero software, and loaded by the targeted ActiveX.
3e7aa29056921982fd5564fee15bd5aaSecunia Security Advisory - Multiple vulnerabilities have been reported in Liferay Portal, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
0ffae5b3a4503cb52bed3bbfee66d15fSecunia Security Advisory - Two vulnerabilities have been reported in Liferay Portal, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to compromise a vulnerable system.
ada089c1ed301775f60c88ec98479939Liferay Portal suffers from a privilege escalation issue due to an insufficient permissions check in the updateOrganizations method of UserService.
c1114907b2057f35a15e7d543ef826fdUiga Personal Portal suffers from a remote SQL injection vulnerability in index2.php.
e59c9c4630ed5fbfefbc54cc2684ef83FlirtPortal Script suffers from cross site scripting and remote SQL injection vulnerabilities.
d3520e6a26007e6bcf7d315ff82e6147Secunia Security Advisory - the_storm has reported a vulnerability in Car Portal CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks.
288db88590b942a5c69a103fa2dc0b5aCar Portal CMS version 3.0 suffers from cross site request forgery, cross site scripting, and shell upload vulnerabilities.
269134f27fcc15434b5e140d8ad6cc69Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise Portal Platform. This fixes a security issue and two vulnerabilities, which can be exploited by malicious people to manipulate certain data and disclose potentially sensitive information.
a0b87c3ec4293c4732d543ef170bdd38Red Hat Security Advisory 2012-0519-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This release of JBoss Enterprise Portal Platform 5.2.1 serves as a replacement for JBoss Enterprise Portal Platform 5.2.0, and includes bug fixes.
189d8ae1b672374f456cbd82bbd8e382Secunia Security Advisory - Jelmer Kuperus has discovered a vulnerability in Liferay Portal, which can be exploited by malicious people to bypass certain security restrictions.
be1b2bbe656bc4cb4a7e45cb0ae4259aSecunia Security Advisory - A vulnerability has been reported in Oracle PeopleSoft Enterprise Portal, which can be exploited by malicious users to manipulate certain data.
3da41731d12a4550b624621e1db8b799By creating a specially crafted webdav request that contains an external entity it is possible to read files from Liferay Portal version 6.0.5 ce. Proof of concept code included.
94d5d9f05f2aca62c5b79765fd0eb61a
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed