
CVSS: 5.8 | EPSS: 0% | CPEs: 45 | EXPL: 0

Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a denial of service or modify data via unspecified vectors.
• http://www-01.ibm.com/support/docview.wss?uid=swg1PI07013 http://www-01.ibm.com/support/docview.wss?uid=swg21662873 https://exchange.xforce.ibmcloud.com/vulnerabilities/89235

CVSS: 4.3 | EPSS: 0% | CPEs: 5 | EXPL: 0

IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers to obtain sensitive property information in opportunistic circumstances by leveraging an error in a Web Content Manager (WCM) context processor.
• http://osvdb.org/101270 http://www-01.ibm.com/support/docview.wss?uid=swg1PI04897 http://www-01.ibm.com/support/docview.wss?uid=swg21660011 http://www.securityfocus.com/bid/64492 https://exchange.xforce.ibmcloud.com/vulnerabilities/88597
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.3 | EPSS: 0% | CPEs: 16 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x before 8.0.0.1 CF09 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.
• http://osvdb.org/101269 http://www-01.ibm.com/support/docview.wss?uid=swg1PM96345 http://www-01.ibm.com/support/docview.wss?uid=swg21660011 http://www.securityfocus.com/bid/64495 https://exchange.xforce.ibmcloud.com/vulnerabilities/88909
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 | EPSS: 0% | CPEs: 26 | EXPL: 1

IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL. IBM Web Content Manager versions 6.x, 7.x, and 8.x suffer from blind XPath injection attacks. This allows an attacker to get current application configuration, enumerate nodes, and extract other valuable information from vulnerable installations of Web Content Manager.
• http://osvdb.org/101255 http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html http://secunia.com/advisories/56161 http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777 http://www-01.ibm.com/support/docview.wss?uid=swg21660289 http://www.securityfocus.com/archive/1/530552/100/0/threaded http://www.securityfocus.com/bid/64496 http://www.securitytracker.com/id/1029539 https://exchange.xforce.ibmcloud.com/vulnerabilities/89591 https://www-304.ibm&
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.3 | EPSS: 0% | CPEs: 26 | EXPL: 0

IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files via a modified URL.
• http://www-01.ibm.com/support/docview.wss?uid=swg1PM99205 http://www-01.ibm.com/support/docview.wss?uid=swg21655656 https://exchange.xforce.ibmcloud.com/vulnerabilities/88253
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor