portal software vulnerabilities
vulnerabilities.aspcode.net
Searching portal software vulnerabilities
Cross-site scripting vulnerability in DCP-Porta
Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allows remote attackers to gain privileges of other portal users by providing Javascript in the job information field to user_update.php.
Directory traversal vulnerability in index.php
Directory traversal vulnerability in index.php in Aprox PHP Portal allows remote attackers to read arbitrary files via a full pathname in the show parameter.
profile.php in Silent Storm Portal 2.1 and 2.2
profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to gain privileges by setting the mail parameter to 1, which is the value for an administrator.
content.php in Vortex Portal allows remote atta
content.php in Vortex Portal allows remote attackers to obtain sensitive information via an invalid act parameter, which leaks the full pathname in a PHP error message.
SQL injection vulnerability in banner.inc.php i
SQL injection vulnerability in banner.inc.php in JPortal Web Portal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the haslo parameter.
SQL injection vulnerability in jgs_portal.php i
SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
Multiple SQL injection vulnerabilities in JGS-X
Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) anzahl_beitraege parameter to jgs_portal.php, (2) year parameter to jgs_portal_statistik.php, (3) year parameter to jgs_portal_beitraggraf.php, (4) tag parameter to jgs_portal_viewsgraf.php, (5) year parameter to jgs_portal_themengraf.php, (6) year parameter to jgs_portal_mitgraf.php, (7) id parameter to jgs_portal_sponsor.php, or (8) the Accept-Language header to jgs_portal_log.php.
Multiple cross-site scripting (XSS) vulnerabili
Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA JGS-Portal 3.0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) anzahl_beitraege parameter to jgs_portal.php, (2) year parameter to jgs_portal_statistik.php, (3) year parameter to jgs_portal_beitraggraf.php, (4) tag parameter to jgs_portal_viewsgraf.php, (5) year parameter to jgs_portal_themengraf.php, (6) year parameter to jgs_portal_mitgraf.php, (7) id parameter to jgs_portal_sponsor.php, or (8) the Accept-Language header to jgs_portal_log.php. NOTE: this issue may stem from the same core problem as CVE-2005-1633.
SQL injection vulnerability in comentarii.php i
SQL injection vulnerability in comentarii.php in Web4Future Portal Solutions News Portal allows remote attackers to execute arbitrary SQL commands via the idp parameter.
Directory traversal vulnerability in arhiva.php
Directory traversal vulnerability in arhiva.php in Web4Future Portal Solutions News Portal allows remote attackers to read arbitrary files via the dir parameter.
Unspecified vulnerability in Hitachi Cosminexus
Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and Groupmax Collaboration Web Client 07-00 through 07-10-/A allow remote attackers to cause a denial of service of unspecified impact via repeated invalid requests to the Schedule component.
Cross-site scripting (XSS) vulnerability in dow
Cross-site scripting (XSS) vulnerability in downloads/portal_ent in Liferay Portal Enterprise 3.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) _77_struts_action, (2) p_p_mode, and (3) p_p_state parameters.
Multiple cross-site scripting (XSS) vulnerabili
Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 (aka Arab Dynamic Portal or ADP) stable allow remote attackers to inject arbitrary web script or HTML via the title parameter in (1) online.php and (2) download.php.
Multiple cross-site scripting (XSS) vulnerabili
Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Groupmax Collaboration Portal and Web Client before 07-20-/D, and uCosminexus Collaboration Portal and Forum/File Sharing before 06-20-/C, allow remote attackers to "execute malicious scripts" via unknown vectors (aka HS06-014-01).
Unspecified vulnerability in PeopleSoft Enterpr
Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle PeopleSoft Enterprise Portal 8.4 Bundle #16, 8.8 Bundle #10, and 8.9 Bundle #3 has unknown impact and attack vectors, aka Oracle Vuln# PSE01.
Unspecified vulnerability in PeopleSoft Enterpr
Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle PeopleSoft Enterprise Portal 8.8 with Enforcer Portal Pack Bundle #10 and 8.9 Bundle #3 has unknown impact and attack vectors, aka Oracle Vuln# PSE02.
Unspecified vulnerability in CA CleverPath Port
Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple Portal servers are started at the same time and share the same data store, which might cause a Portal user to inherit the session and credentials of a user who is on another Portal server.
BEA WebLogic Portal 9.2, when running in a WebL
BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions.
SQL injection vulnerability in Hitachi Collabor
SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Unspecified vulnerability in the Portal compone
Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.4.1.0 has unknown impact and remote attack vectors, aka AS05.
Software vulnerabilities results 1 to 20 of 190