Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
portal vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-46414
An issue exists in Veritas NetBackup Flex Scale up to and including 3.0 and Access Appliance up to and including 8.0.100. Unauthenticated remote command execution can occur via the management portal.
Veritas Netbackup Flex Scale Appliance
Veritas Access Appliance
9.8
CVSSv3
CVE-2022-42120
A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 up to and including 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows malicious users to execute arbitrary SQL commands via a PortletPreferences' `namespace` attribute.
Liferay Dxp 7.3
Liferay Liferay Portal
Liferay Dxp 7.4
9.8
CVSSv3
CVE-2022-42122
A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows malicious users to execute arbitrary SQL commands via a crafted payload injected into the `title` field of a friendly URL.
Liferay Liferay Portal 7.3.7
Liferay Dxp 7.3
9.8
CVSSv3
CVE-2022-27586
Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote malicious user to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an i...
Sick Sim1004-0p0g311 Firmware
9.8
CVSSv3
CVE-2022-27585
Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version <1.6.0 allows an unprivileged remote malicious user to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. Thi...
Sick Sim1000 Fx Firmware
9.8
CVSSv3
CVE-2022-3741
Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to id...
Chatwoot Chatwoot
9.8
CVSSv3
CVE-2022-3236
A code injection vulnerability in the User Portal and Webadmin allows a remote malicious user to execute code in Sophos Firewall version v19.0 MR1 and older.
Sophos Firewall
2 Articles
9.8
CVSSv3
CVE-2022-26959
There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the processlogin.jsp page in the /northstar/Portal/ directory and the userID parameter o...
Globalnorthstar Northstar Club Management 6.3
9.8
CVSSv3
CVE-2017-20139
A vulnerability was found in Itech Movie Portal Script 7.36. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /show_news.php. The manipulation of the argument id with the input AND (SELECT 1222 FROM(SELECT COUNT(*),CONCAT(0x...
Ambit Movie Portal Script 7.36
9.8
CVSSv3
CVE-2017-20141
A vulnerability classified as critical has been found in Itech Movie Portal Script 7.36. This affects an unknown part of the file /movie.php. The manipulation of the argument f leads to sql injection (Union). It is possible to initiate the attack remotely. The exploit has been di...
Ambit Movie Portal Script 7.36
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »