44 matches found
EUVD-2008-0874
Malware in sbrugna...
EUVD-2007-0434
Malware in sbrugna...
EUVD-2007-6166
Malware in sbrugna...
EUVD-2007-0433
Malware in sbrugna...
EUVD-2007-0432
Malware in sbrugna...
ORACLE Business Process Management (Process Administrator) 5.7-6.0-10.3 - XSS
No description provided by source. |------------------------------------------------------------------| | | | / / / / | | / / / / / / / \ / / / / \ | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // // | | | | http://www.corelan.be:8800 | | |...
BEA AquaLogic Interaction 6.0/6.1 Plumtree Portal Multiple Information Disclosure Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/26620/info BEA AquaLogic Interaction is prone to multiple information-disclosure vulnerabilities. Attackers can exploit these issues to access valid usernames in the Plumtree portal as well as the server hostname, build...
ORACLE Business Process Management (Process Administrator) 5.7-6.0-10.3 - Cross-Site Scripting
ORACLE Business Process Management Process Administrator 5.7-6.0-10.3 - Cross-Site Scripting |------------------------------------------------------------------| | | | / / / / | | / / / / / / / \ / / / / \ | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // //...
CVE-2009-1005
Unspecified vulnerability in the Oracle Data Service Integrator AquaLogic Data Services Platform component in BEA Product Suite 10.3.0, 3.2, 3.0.1, and 3.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors...
CVE-2008-0904
Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL...
CVE-2008-0904
CVE-2008-0904 affects BEA Plumtree Collaboration (4.1 through SP2) and AquaLogic Interaction (4.2 through MP1). The issue is an unspecified vulnerability in the download servlet that allows remote attackers to read arbitrary files via a crafted URL. The NVD entry lists a high impact with CVSS2 ba...
CVE-2008-0904
Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL...
CVE-2008-0867
Cross-site scripting XSS vulnerability in portal/server.pt in BEA AquaLogic Interaction 6.1 through MP1 and Plumtree Foundation 6.0 through SP1 allows remote attackers to inject arbitrary web script or HTML via the name parameter...
CVE-2008-0867
Cross-site scripting XSS vulnerability in portal/server.pt in BEA AquaLogic Interaction 6.1 through MP1 and Plumtree Foundation 6.0 through SP1 allows remote attackers to inject arbitrary web script or HTML via the name parameter...
CVE-2008-0867
BEA AquaLogic Interaction 6.1 MP1 and Plumtree Foundation 6.0 SP1 are affected by CVE-2008-0867, a Cross‑Site Scripting (XSS) flaw in portal/server.pt that allows injection of arbitrary web script or HTML via the name parameter. The vulnerability arises from handling user-supplied input in the po...
PR06-12: XSS on BEA Plumtree Foundation and AquaLogic Interaction portals
PR06-12: XSS on BEA Plumtree Foundation and AquaLogic Interaction portals Description: BEA Plumtree Foundation portal 6.0 and BEA AquaLogic Interaction 6.1 are vulnerable to a XSS vulnerability affecting the 'name' parameter which is submitted to the '/portal/server.pt' server-side script. Date...
Plumtree Portal User Object User Enumeration
The version of the Plumtree portal included with BEA AquaLogic Interaction / Plumtree Foundation and installed on the remote host allows an attacker to obtain a list of users defined to the portal through its search facility. This may aide in further attacks against the affected application...
PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability
PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability Description: BEA Plumtree portal is vulnerable to a internal hostname disclosure vulnerability. The internal hostname of the server hosting BEA Plumtree portal is always included at the bottom of every requested HTML page...
PR06-09: BEA Plumtree portal full version disclosure vulnerability
PR06-09: BEA Plumtree portal full version disclosure vulnerability Description: BEA Plumtree portal 6.0 is vulnerable to a full version disclosure vulnerability. The exact version along with the build date is always included at the bottom of every requested HTML page within HTML comments. Date...
PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users
PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users Description: BEA Plumtree portal 6.0 is vulnerable to username leakage through the search facility. By performing an advanced search, unauthenticated users can enumerate valid usernames with a single HTTP reques...