Search Results | AttackerKB

Show filters

Topics 83 Users 9,719

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

83 Total Results

Displaying 81-83 of 83

Attacker Value

Unknown

CVE-2020-13444

Disclosure Date: June 10, 2020 (last updated November 28, 2024)

Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 5 does not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers.

Attack Vector: Network Privileges: Low User Interaction: None

0

Attacker Value

Unknown

CVE-2019-16891

Disclosure Date: October 04, 2019 (last updated November 27, 2024)

Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2019-16147

Disclosure Date: September 09, 2019 (last updated November 27, 2024)

Liferay Portal through 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp in journal/journal-taglib.

Attack Vector: Network Privileges: None User Interaction: Required

0