Liferay 6.1 Default Configuration Compromise

Dieses Thema: "Liferay 6.1 Default Configuration Compromise" im Forum "Security News" wurde erstellt von newsbot, 21.04.2012.

  1. #1 newsbot, 21.04.2012
    newsbot

    newsbot Foren Gott

    Dabei seit:
    26.11.2007
    Beiträge:
    9.916
    Zustimmungen:
    0
    By utilizing the json webservices exposed in Liferay Portal version 6.1 you can register a new user with any role in the system, including the built in administrator role. Proof of concept included.

    Weiterlesen...
     
  2. Anzeige

    Schau dir mal diesen Ratgeber an. Viele Antworten inkl. passender Shell-Befehle!
    Registrieren bzw. einloggen, um diese und auch andere Anzeigen zu deaktivieren
Thema:

Liferay 6.1 Default Configuration Compromise

Die Seite wird geladen...

Liferay 6.1 Default Configuration Compromise - Ähnliche Themen

  1. Liferay 6.1 No Account Access Bypass

    Liferay 6.1 No Account Access Bypass: Liferay version 6.1 suffers from a circumvention issue when restricting access to ip blocks. Proof of concept exploit included. Weiterlesen...
  2. Liferay 6.1 Name / Email Address Disclosure

    Liferay 6.1 Name / Email Address Disclosure: Liferay version 6.1 suffers from a vulnerability where it is possible to retrieve the names and email addresses of all users. Proof of concept...
  3. Liferay 6.1 Cross Site Request Forgery

    Liferay 6.1 Cross Site Request Forgery: Liferay version 6.1 is vulnerable to JSON-related cross site request forgery attacks. Proof of concept code is included. Weiterlesen...
  4. Liferay JSON Request Control Takeover

    Liferay JSON Request Control Takeover: Liferay Portal suffers from a takeover vulnerability due to a single HTTP request allowing an attacker to reconfigure which memcached to use....
  5. Liferay 6.0.5 ce WebDAV File Reading

    Liferay 6.0.5 ce WebDAV File Reading: By creating a specially crafted webdav request that contains an external entity it is possible to read files from Liferay Portal version 6.0.5 ce....