EUVD-2007-6166

Malware in sbrugna...

EUVD-2008-0874

Malware in sbrugna...

BEA AquaLogic Interaction 6.0/6.1 Plumtree Portal Multiple Information Disclosure Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/26620/info BEA AquaLogic Interaction is prone to multiple information-disclosure vulnerabilities. Attackers can exploit these issues to access valid usernames in the Plumtree portal as well as the server hostname, build...

CVE-2008-0904

Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL...

CVE-2008-0904

CVE-2008-0904 affects BEA Plumtree Collaboration (4.1 through SP2) and AquaLogic Interaction (4.2 through MP1). The issue is an unspecified vulnerability in the download servlet that allows remote attackers to read arbitrary files via a crafted URL. The NVD entry lists a high impact with CVSS2 ba...

CVE-2008-0904

Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL...

CVE-2008-0867

BEA AquaLogic Interaction 6.1 MP1 and Plumtree Foundation 6.0 SP1 are affected by CVE-2008-0867, a Cross‑Site Scripting (XSS) flaw in portal/server.pt that allows injection of arbitrary web script or HTML via the name parameter. The vulnerability arises from handling user-supplied input in the po...

PR06-12: XSS on BEA Plumtree Foundation and AquaLogic Interaction portals

PR06-12: XSS on BEA Plumtree Foundation and AquaLogic Interaction portals Description: BEA Plumtree Foundation portal 6.0 and BEA AquaLogic Interaction 6.1 are vulnerable to a XSS vulnerability affecting the 'name' parameter which is submitted to the '/portal/server.pt' server-side script. Date...

Plumtree Portal User Object User Enumeration

The version of the Plumtree portal included with BEA AquaLogic Interaction / Plumtree Foundation and installed on the remote host allows an attacker to obtain a list of users defined to the portal through its search facility. This may aide in further attacks against the affected application...

PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability

PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability Description: BEA Plumtree portal is vulnerable to a internal hostname disclosure vulnerability. The internal hostname of the server hosting BEA Plumtree portal is always included at the bottom of every requested HTML page...

PR06-09: BEA Plumtree portal full version disclosure vulnerability

PR06-09: BEA Plumtree portal full version disclosure vulnerability Description: BEA Plumtree portal 6.0 is vulnerable to a full version disclosure vulnerability. The exact version along with the build date is always included at the bottom of every requested HTML page within HTML comments. Date...

PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users

PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users Description: BEA Plumtree portal 6.0 is vulnerable to username leakage through the search facility. By performing an advanced search, unauthenticated users can enumerate valid usernames with a single HTTP reques...

Code injection

The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page...

CVE-2007-6197

The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page...

CVE-2007-6198

portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the intxfulltext parameter...

CVE-2007-6197

The CVE-2007-6197 entry affects BEA AquaLogic Interaction Plumtree Portal 5.0.2–5.0.4 and 6.0.1.218452. The root cause is information disclosure via comments in the HTML source of any page, allowing remote attackers to learn version numbers and internal hostnames. Impact is partial confidentialit...

CVE-2007-6197

The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page...

CVE-2007-6198

The CVE-2007-6198 issue affects the Plumtree Portal component (portal/server.pt) in BEA AquaLogic Interaction versions 5.0.2–5.0.4 and 6.0.1.218452. The vulnerability allows wildcards in advanced searches for usernames via the in_tx_fulltext parameter, enabling remote attackers to enumerate valid...

BEA AquaLogic Interaction 6.06.1 Plumtree Portal - Multiple Information Disclosure Vulnerabilities

BEA AquaLogic Interaction 6.06.1 Plumtree Portal - Multiple Information Disclosure Vulnerabilities source: https://www.securityfocus.com/bid/26620/info BEA AquaLogic Interaction is prone to multiple information-disclosure vulnerabilities. Attackers can exploit these issues to access valid usernam...