Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
in-portal vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2021-20763
Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated malicious user to obtain the data of Portal without the appropriate privilege.
Cybozu Garoon
356
VMScore
CVE-2021-20755
Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated malicious user to obtain the data of Portal without the viewing privilege.
Cybozu Garoon
755
VMScore
CVE-2014-2211
SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 prior to 3.3.0 allows remote malicious users to execute arbitrary SQL commands via the rssurl parameter.
Posh Project Posh 3.1.1
Posh Project Posh 3.0.2
Posh Project Posh 3.0.1
Posh Project Posh 3.1.0
Posh Project Posh 3.0.4
Posh Project Posh 3.1.2
Posh Project Posh 3.0.3
Posh Project Posh 3.0
Posh Project Posh
1 EDB exploit
668
VMScore
CVE-2018-15143
Multiple SQL injection vulnerabilities in portal/find_appt_popup_user.php in versions of OpenEMR prior to 5.0.1.4 allow a remote malicious user to execute arbitrary SQL commands via the (1) catid or (2) providerid parameter.
Open-emr Openemr
668
VMScore
CVE-2018-15145
Multiple SQL injection vulnerabilities in portal/add_edit_event_user.php in versions of OpenEMR prior to 5.0.1.4 allow a remote malicious user to execute arbitrary SQL commands via the (1) eid, (2) userid, or (3) pid parameter.
Open-emr Openemr
NA
CVE-2023-25834
Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access.
Esri Portal For Arcgis
383
VMScore
CVE-2008-0867
Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA AquaLogic Interaction 6.1 through MP1 and Plumtree Foundation 6.0 through SP1 allows remote malicious users to inject arbitrary web script or HTML via the name parameter.
Bea Systems Plumtree Foundation 6.0
Bea Systems Aqualogic Interaction 6.1
605
VMScore
CVE-2019-11781
Improper input validation in portal component in Odoo Community 12.0 and previous versions and Odoo Enterprise 12.0 and previous versions, allows remote malicious users to trick victims into modifying their account via crafted links, leading to privilege escalation.
Odoo Odoo
NA
CVE-2022-38184
There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated malicious user to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs.
Esri Portal For Arcgis
NA
CVE-2024-5407
A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote malicious user to perform a reverse shell on the remote system, compromising the entire infrastructure.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »