CVSS: 7.5EPSS: 1%CPEs: 39EXPL: 0CVE-2012-4834
https://notcve.org/view.php?id=CVE-2012-4834
30 Nov 2012 — Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI. Una vulnerabilidad de salto de directorio en LayerLoader.jsp en el componente temático en IBM WebSphere Portal v7.0.0.1 y v7.0.0.2 antes de CF19 y v8.0 antes de CF03 permite a atacantes remotos leer archivos de su elección a través de un URI diseñada para tal fin. • http://secunia.com/advisories/51281 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-2181
https://notcve.org/view.php?id=CVE-2012-2181
03 Jul 2012 — Directory traversal vulnerability in the Dojo module in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF14, and 8.0, allows remote attackers to read arbitrary files via a crafted URL. Vulnerabilidad de salto de directorio en el módulo Dojo en IBM WebSphere Portal v7.0.0.1 y v7.0.0.2 anteriores a vCF14, y v8.0, permite a atacantes remotos leer ficheros locales a través de una URL manipulada. • http://www.ibm.com/support/docview.wss?uid=swg1PM64172 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 3%CPEs: 77EXPL: 3CVE-2010-0714 – IBM (Multiple Products) - Login Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-0714
26 Feb 2010 — Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string. Vulnerabilidad de ejecución de secuencias de comandos en s... • https://www.exploit-db.com/exploits/33675 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 77EXPL: 1CVE-2010-0715
https://notcve.org/view.php?id=CVE-2010-0715
26 Feb 2010 — Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string. Vulnerabilidad de redireccionamiento dir... • http://www-01.ibm.com/support/docview.wss?uid=swg21421469 •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2009-1008
https://notcve.org/view.php?id=CVE-2009-1008
15 Apr 2009 — Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1010. Vulnerabilidad no especificada en el componente Outside In Technology en Oracle Application Server 8.2.2 y 8.3.0 permite a usuarios locales afectar la confidencialidad, la integridad y la disponibilidad, relacionado con HTML, una vulnerabilidad diferente a CVE-200... • http://osvdb.org/53747 •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2009-1009
https://notcve.org/view.php?id=CVE-2009-1009
15 Apr 2009 — Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML. Vulnerabilidad no especificada en el componente Outside In Technology en Oracle Application Server v8.1.9 que permite a los usuarios locales afectar a la confidencialidad, integridad y disponibilidad en relación a HTML. • http://osvdb.org/53748 •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2009-1010
https://notcve.org/view.php?id=CVE-2009-1010
15 Apr 2009 — Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1008. Vulnerabilidad no especificada en el componente Outside In Technology en Oracle Application Server 8.2.2 y 8.3.0 permite a usuarios locales afectar la confidencialidad, la integridad y la disponibilidad, relacionado con HTML, una vulnerabilidad diferente a CVE-200... • http://osvdb.org/53749 •