CVE-2012-4834
https://notcve.org/view.php?id=CVE-2012-4834
Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI. Una vulnerabilidad de salto de directorio en LayerLoader.jsp en el componente temático en IBM WebSphere Portal v7.0.0.1 y v7.0.0.2 antes de CF19 y v8.0 antes de CF03 permite a atacantes remotos leer archivos de su elección a través de un URI diseñada para tal fin. • http://secunia.com/advisories/51281 http://www-01.ibm.com/support/docview.wss?uid=swg1PM76354 http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerability_in_theme_component_for_websphere_portal_versions_7_0_0_x_and_8_0_cve2012_48344 http://www.ibm.com/support/docview.wss?uid=swg21617713 http://www.ibm.com/support/docview.wss?uid=swg24033155 https://exchange.xforce.ibmcloud.com/vulnerabilities/78914 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2012-2181
https://notcve.org/view.php?id=CVE-2012-2181
Directory traversal vulnerability in the Dojo module in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF14, and 8.0, allows remote attackers to read arbitrary files via a crafted URL. Vulnerabilidad de salto de directorio en el módulo Dojo en IBM WebSphere Portal v7.0.0.1 y v7.0.0.2 anteriores a vCF14, y v8.0, permite a atacantes remotos leer ficheros locales a través de una URL manipulada. • http://www.ibm.com/support/docview.wss?uid=swg1PM64172 http://www.ibm.com/support/docview.wss?uid=swg21598363 https://exchange.xforce.ibmcloud.com/vulnerabilities/75584 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2011-2754
https://notcve.org/view.php?id=CVE-2011-2754
Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en PageBuilder2 (Page Builder aka) en IBM WebSphere Portal v7.0.0.1 7.x antes de CF006, como el usado en IBM Content Manager Web (WCM) y otros productos, permite a atacantes remotos inyectar arbitrariamente web script o HTML a través de vectores no especificados. • http://secunia.com/advisories/45106 http://www.ibm.com/support/docview.wss?uid=swg21503959 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-2172
https://notcve.org/view.php?id=CVE-2011-2172
Cross-site scripting (XSS) vulnerability in the search center in IBM WebSphere Portal 7.0.0.1 before CF004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el centro de búsqueda IBM WebSphere Portal v7.0.0.1 anteriores a CF004 permite a atacantes remotos inyectar script de su elección o HTML a través de vectores no especificados. • http://osvdb.org/72500 http://secunia.com/advisories/44700 http://www-01.ibm.com/support/docview.wss?uid=swg1PM36644 http://www-01.ibm.com/support/docview.wss?uid=swg1PM37009 http://www.ibm.com/support/docview.wss?uid=swg24029452 http://www.securityfocus.com/bid/47954 https://exchange.xforce.ibmcloud.com/vulnerabilities/67594 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-2173
https://notcve.org/view.php?id=CVE-2011-2173
The implementation of OutputMediator objects in IBM WebSphere Portal 6.0.1.7, and 7.0.0.1 before CF002, allows remote authenticated users to cause a denial of service (memory consumption) via requests. La implementación de objetos OutputMediator en IBM WebSphere Portal v6.0.1.7, v7.0.0.1 y anteriores a CF002, permite a usuarios remotos autenticados causar una denegación de servicio (consumo de memoria) a través de peticiones. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM33432 http://www.ibm.com/support/docview.wss?uid=swg24029452 https://exchange.xforce.ibmcloud.com/vulnerabilities/67687 • CWE-399: Resource Management Errors •