Liferay XSL Command Execution
## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing...

Liferay 6.0.x Webdav File Reading Vulnerability
A specially crafted WebDAV request allows reading of local files on Liferay 6.0.x. Description: Liferay Portal is an enterprise portal written in Java. By creating a specially crafted WebDAV request that...

Liferay Portal 6.1 – 6.0.x Privilege Escalation
Liferay users can assign themselves to organizations, leading to possible privilege escalation. Description: Liferay Portal is an enterprise portal written in Java. Due to insufficient permission...

Liferay multiple xss vulnerability
Multiple XSS issues in Liferay. Description: Liferay Portal is an enterprise portal written in Java. Multiple XSS vulnerabilities were found in Liferay. Because Liferay has a "remember me" option...

Liferay JSON Server API Authentication
Release date: August 3rd, 2012 - Discovered by: Danilo Massa & Enrico Cinquini - Severity: High...

XSS vulnerability in swfupload in TinyMCE, SPIP, Radiant CMS, AionWeb,...
I will draw your attention to an XSS vulnerability in other web applications with swfupload. Earlier I wrote about swfupload in AionWeb, Magento, Liferay Portal, SurgeMail, symfony and that this hole...

XSS vulnerability in web applications with swfupload: AionWeb, Magento,...
This is an update to my advisory XSS vulnerability in web applications with swfupload: AionWeb, Magento, Liferay Portal, SurgeMail, symfony (http://securityvulns.ru/docs28761.html). After my...