CVE-2011-0679
https://notcve.org/view.php?id=CVE-2011-0679
IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web Content Management (WCM) and IBM Lotus Quickr for WebSphere Portal, allows remote attackers to obtain sensitive information via a "modified message." IBM WebSphere Portal v6.0.1.1 hasta v7.0.0.0, como el utilizado en IBM Lotus Web Content Management (WCM) e IBM Lotus Quickr para WebSphere Portal, permite a atacantes remotos obtener información sensible a través de un "mensaje modificado." • http://osvdb.org/70688 http://secunia.com/advisories/43081 http://www-01.ibm.com/support/docview.wss?uid=swg1PM22159 http://www-01.ibm.com/support/docview.wss?uid=swg1PM22167 http://www-01.ibm.com/support/docview.wss?uid=swg1PM24319 http://www-01.ibm.com/support/docview.wss?uid=swg1PM24320 http://www-01.ibm.com/support/docview.wss? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-1348
https://notcve.org/view.php?id=CVE-2010-1348
Unspecified vulnerability in the login process in IBM WebSphere Portal 6.0.1.1, and 6.1.0.x before 6.1.0.3 Cumulative Fix 03, has unknown impact and remote attack vectors. Vulnerabilidad inespecífica en el proceso de inicio de sesión en IBM WebSphere Portal v6.0.1.1, y v6.1.0.x anteriores a v6.1.0.3 Cumulative Fix 03, tiene impacto y vectores desconocidos. • http://osvdb.org/63594 http://secunia.com/advisories/39305 http://www-01.ibm.com/support/docview.wss?uid=swg1PM08667 http://www.securityfocus.com/bid/39306 http://www.securitytracker.com/id?1023830 http://www.vupen.com/english/advisories/2010/0829 https://exchange.xforce.ibmcloud.com/vulnerabilities/57613 •
CVE-2010-0715
https://notcve.org/view.php?id=CVE-2010-0715
Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string. Vulnerabilidad de redireccionamiento directo en login.jsp en IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), y IBM Lotus Workplace Web Content Management v5.1.0.0 hasta v5.1.0.5, v6.0.0.0 hasta v6.0.0.4, v6.0.1.0 hasta v6.0.1.7, v6.1.0.0 hasta v6.1.0.3, y v6.1.5.0; y IBM Lotus Quickr services v8.0, v8.0.0.2, v8.1, v8.1.1, y v8.1.1.1 para WebSphere Portal; permite a atacantes remotos redireccionar a los usuarios a sitios de su elección y conducir ataques phising a través de la cadena de la pregunta. • http://www-01.ibm.com/support/docview.wss?uid=swg21421469 http://www.hacktics.com/content/advisories/AdvIBM20100224.html http://www.securityfocus.com/archive/1/509744/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/56602 •
CVE-2010-0714 – IBM (Multiple Products) - Login Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-0714
Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), y IBM Lotus Workplace Web Content Management v5.1.0.0 hasta v5.1.0.5, v6.0.0.0 hasta v6.0.0.4, v6.0.1.0 hasta v6.0.1.7, v6.1.0.0 hasta v6.1.0.3, y v6.1.5.0; y IBM Lotus Quickr services v8.0, v8.0.0.2, v8.1, v8.1.1, y v8.1.1.1 para WebSphere Portal; permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del cadena "query". • https://www.exploit-db.com/exploits/33675 http://www-01.ibm.com/support/docview.wss?uid=swg21421469 http://www-1.ibm.com/support/docview.wss?uid=swg1PM03233 http://www.hacktics.com/content/advisories/AdvIBM20100224.html http://www.securityfocus.com/archive/1/509744/100/0/threaded http://www.securityfocus.com/bid/38412 http://www.securitytracker.com/id?1023660 https://exchange.xforce.ibmcloud.com/vulnerabilities/56508 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-4152
https://notcve.org/view.php?id=CVE-2009-4152
Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente Collaboration en IBM WebSphere Portal v6.1.x anterior v6.1.0.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través la etiqueta del selector de personas. • http://secunia.com/advisories/37526 http://www-01.ibm.com/support/docview.wss?uid=swg1PK93429 http://www-01.ibm.com/support/docview.wss?uid=swg27014411 http://www.securityfocus.com/bid/37159 http://www.vupen.com/english/advisories/2009/3367 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •