EUVD-2008-0911

Malware in sbrugna...

CVE-2008-0904

Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL...

CVE-2008-0904

CVE-2008-0904 affects BEA Plumtree Collaboration (4.1 through SP2) and AquaLogic Interaction (4.2 through MP1). The issue is an unspecified vulnerability in the download servlet that allows remote attackers to read arbitrary files via a crafted URL. The NVD entry lists a high impact with CVSS2 ba...

CVE-2008-0904

Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL...

BEA Plumtree portal/server.pt name Parameter XSS

The version of the Plumtree portal included with BEA AquaLogic Interaction / Plumtree Foundation and installed on the remote host fails to sanitize user-supplied input to the 'name' parameter of the 'portal/server.pt' script before using it to generate dynamic HTML output. An unauthenticated...

PR06-12: XSS on BEA Plumtree Foundation and AquaLogic Interaction portals

PR06-12: XSS on BEA Plumtree Foundation and AquaLogic Interaction portals Description: BEA Plumtree Foundation portal 6.0 and BEA AquaLogic Interaction 6.1 are vulnerable to a XSS vulnerability affecting the 'name' parameter which is submitted to the '/portal/server.pt' server-side script. Date...

PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability

PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability Description: BEA Plumtree portal is vulnerable to a internal hostname disclosure vulnerability. The internal hostname of the server hosting BEA Plumtree portal is always included at the bottom of every requested HTML page...

PR06-09: BEA Plumtree portal full version disclosure vulnerability

PR06-09: BEA Plumtree portal full version disclosure vulnerability Description: BEA Plumtree portal 6.0 is vulnerable to a full version disclosure vulnerability. The exact version along with the build date is always included at the bottom of every requested HTML page within HTML comments. Date...

PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users

PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users Description: BEA Plumtree portal 6.0 is vulnerable to username leakage through the search facility. By performing an advanced search, unauthenticated users can enumerate valid usernames with a single HTTP reques...

BEA AquaLogic Interaction 6.06.1 Plumtree Portal - Multiple Information Disclosure Vulnerabilities

BEA AquaLogic Interaction 6.06.1 Plumtree Portal - Multiple Information Disclosure Vulnerabilities source: https://www.securityfocus.com/bid/26620/info BEA AquaLogic Interaction is prone to multiple information-disclosure vulnerabilities. Attackers can exploit these issues to access valid usernam...