portal vulnerabilities and exploits

7.5
HIGH
CVE-2019-0101

Authentication bypass in the Intel Unite(R) solution versions 3.2 through 3.3 may allow an unauthenticated user to potentially enable escalation of privilege to the Intel Unite(R) Solution administrative portal via network access....

NA
CVE-2019-7392

CA Privileged Access Manager could allow a remote attacker to bypass security restrictions, caused by insufficient access controls for the components jk-manager and jk-status web service. An attacker could exploit this vulnerability to access the CA PAM Web-UI without authenticat...

6.5
MEDIUM
CVE-2019-7580

ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code via the portal/admin_category/addpost.html alias parameter because the mishandling of a single quote character allows data/conf/route.php injection....

NA
CVE-2018-4059

A vulnerability in the coturn Traversal Using Relay NAT (TURN) server could allow a local attacker to gain elevated privileges on a targeted system. The vulnerability is due to an unsafe default configuration that enables an unauthenticated administrative portal on the loop...

7.5
HIGH
CVE-2018-4056

An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN ser...

NA
CVE-2018-20503

SirsiDynix e-Library is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the sort_by parameter to inject malicious script into a Web page which would be executed in a victim's W...

4.3
MEDIUM
CVE-2018-15455

A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of requests stored in the system's logging database. An att...

4
MEDIUM
CVE-2018-0187

A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain confidential information for privileged accounts. The vulnerability is due to the improper handling of confidential information. An attacker could e...

7.5
HIGH
CVE-2019-6713

app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents call....

3.5
LOW
CVE-2018-15614

A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross-site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 throug...

7.5
HIGH
CVE-2019-6339

In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9, a remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and cust...