
CVE-2007-1506 – Oracle Portal 10g - 'P_OldURL' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-1506
19 Mar 2007 — Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters. • https://www.exploit-db.com/exploits/29749 •

CVE-2007-0423
https://notcve.org/view.php?id=CVE-2007-0423
23 Jan 2007 — BEA WebLogic Portal 9.2 does not properly handle the case where an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," which has an unknown impact. • http://dev2dev.bea.com/pub/advisory/218 •

CVE-2007-0426
https://notcve.org/view.php?id=CVE-2007-0426
23 Jan 2007 — BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions. • http://dev2dev.bea.com/pub/advisory/223 •

CVE-2006-6699
https://notcve.org/view.php?id=CVE-2006-6699
23 Dec 2006 — Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vector is covered by CVE-2006-6697. • http://www.securityfocus.com/archive/1/455106/100/0/threaded •

CVE-2006-6697 – Oracle Portal 9.0.2 - Calendar.jsp Multiple HTTP Response Splitting Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-6697
22 Dec 2006 — CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter. • https://www.exploit-db.com/exploits/29301 •

CVE-2006-1358
https://notcve.org/view.php?id=CVE-2006-1358
22 Mar 2006 — Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user. • ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip •

CVE-2006-0552
https://notcve.org/view.php?id=CVE-2006-0552
04 Feb 2006 — Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11. • http://secunia.com/advisories/18493 •

CVE-2006-0423
https://notcve.org/view.php?id=CVE-2006-0423
25 Jan 2006 — BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges. • http://dev2dev.bea.com/pub/advisory/167 •

CVE-2006-0428
https://notcve.org/view.php?id=CVE-2006-0428
25 Jan 2006 — Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote attackers to access restricted web resources via crafted URLs. • http://dev2dev.bea.com/pub/advisory/172 •

CVE-2006-0425
https://notcve.org/view.php?id=CVE-2006-0425
25 Jan 2006 — BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors. • http://dev2dev.bea.com/pub/advisory/169 •