CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3263
https://notcve.org/view.php?id=CVE-2007-3263
Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors, related to "incorrect authorization on a remote interface to the SDO repository." Vulnerabilidad no especificada en en el componente Default Messaging Component de IBM WebSphere Application Server(WAS) 6.1.0.7 y anteriores tiene impacto y vectores de ataque desconocidos, relacionados con la "autorización incorrecta en una interfaz remota con el repositorio SDO". • http://osvdb.org/41613 http://secunia.com/advisories/25704 http://www-1.ibm.com/support/docview.wss?uid=swg27007951 http://www.securityfocus.com/bid/24505 http://www.vupen.com/english/advisories/2007/2234 https://exchange.xforce.ibmcloud.com/vulnerabilities/34901 •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 1CVE-2007-3127 – WSPortal 1.0 - 'content.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-3127
content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message. content.php de WSPortal 1.0, cuando magic_quotes_gpc está deshabilitado, permite a atacantes remotos obtener información sensible mediante una secuencia "';" (comilla simple, punto y coma) en el parámetro page, lo cual revela la ruta de instalación en el mensaje de SQL forzado resultante. • https://www.exploit-db.com/exploits/30197 http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0368.html http://www.netvigilance.com/advisory0032 http://www.osvdb.org/34164 http://www.securityfocus.com/archive/1/471619/100/0/threaded http://www.vupen.com/english/advisories/2007/2237 https://exchange.xforce.ibmcloud.com/vulnerabilities/34894 •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3128
https://notcve.org/view.php?id=CVE-2007-3128
SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter. Vulnerabilidad de inyección SQL en content.php de WSPortal 1.0, cuando magic_quotes_gpc está deshabilitado, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro page. WSportal version 1.0 suffers from a SQL injection vulnerability. • http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0369.html http://www.netvigilance.com/advisory0033 http://www.osvdb.org/34164 http://www.securityfocus.com/archive/1/471629/100/0/threaded http://www.securityfocus.com/bid/24513 http://www.vupen.com/english/advisories/2007/2237 https://exchange.xforce.ibmcloud.com/vulnerabilities/34896 •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2006-7198
https://notcve.org/view.php?id=CVE-2006-7198
Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 5.1.1.14, and WAS for z/OS 601 before 6.0.2.13, has unknown impact and attack vectors, related to a "Potential security exposure," aka PK26123. Vulnerabilidad no especificada en IBM WebSphere Application Server (WAS) anterior a 5.1.1.14, y WAS para z/OS 601 anterior a 6.0.2.13, tiene un impacto desconocido y vectores de ataque, relacionado con una "exposición de seguridad potencial", también conocido como PK26123. • http://secunia.com/advisories/25045 http://securitytracker.com/id?1017976 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006879 http://www-1.ibm.com/support/docview.wss?uid=swg1PK29435 http://www-1.ibm.com/support/search.wss?rs=0&q=PK26123&apar=only http://www.vupen.com/english/advisories/2007/1553 https://exchange.xforce.ibmcloud.com/vulnerabilities/33949 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-1944
https://notcve.org/view.php?id=CVE-2007-1944
The Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attackers to cause a denial of service via unknown vectors involving the "double release [of] a bytebuffer input stream," possibly a double free vulnerability. Java Message Service (JMS) en IBM WebSphere Application Server (WAS) versiones anteriores a 6.1.0.7, permite a atacantes causar una denegación de servicio por medio de vectores desconocidos que implican la "double release [of] a bytebuffer input stream”, posiblemente una vulnerabilidad de doble liberación. • http://secunia.com/advisories/24852 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951#6107 http://www.vupen.com/english/advisories/2007/1282 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •