Page 2 of 167 results (0.009 seconds)

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la Administration Console de BEA WebLogic Server y Express de 9.0 a 10.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de URLs modificados que no se manipulan correctamente por Unexpected Exception Page (Excepción de Página no Esperada). • http://dev2dev.bea.com/pub/advisory/269 http://secunia.com/advisories/29041 http://www.securitytracker.com/id?1019448 http://www.vupen.com/english/advisories/2008/0612/references • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.0EPSS: 0%CPEs: 11EXPL: 0

Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors. Vulnerabilidad de fijación de sesión en BEA WebLogic Server y Express de 8.1 SP4 a SP6, de 9.2 a MP1 y 10.0 permite a usuarios autentificados remotamente secuestrar sesiones web a través de vectores desconocidos. • http://dev2dev.bea.com/pub/advisory/270 http://secunia.com/advisories/29041 http://www.securitytracker.com/id?1019439 http://www.vupen.com/english/advisories/2008/0612/references • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL. Vulnerabilidad sin especificar en el servlet download de BEA Plumtree Collaboration de 4.1 a SP2 y AquaLogic Interaction de 4.2 a MP1 permite a atacantes remotos leer archivos de su elección a través de un URL manipulado. • http://dev2dev.bea.com/pub/advisory/276 http://osvdb.org/41881 http://secunia.com/advisories/28991 http://www.securitytracker.com/id?1019437 http://www.vupen.com/english/advisories/2008/0607/references • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0

BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions. BEA WebLogic Portal 10.0 y de 9.2 a MP1, cuando un administrador elimina una instancia única de un portlet de contenido, elimina las políticas de derechos para otros portlets de contenido, lo que permite a atacantes evitar las restricciones de acceso previstas. • http://dev2dev.bea.com/pub/advisory/266 http://secunia.com/advisories/29041 http://www.securitytracker.com/id?1019453 http://www.vupen.com/english/advisories/2008/0613 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.8EPSS: 0%CPEs: 13EXPL: 0

The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access restrictions for protected distributed queues. La característica de cola distribuida en JMS de BEA WebLogic Server de 9.0 a 10.0, en ciertas configuraciones, no manipula correctamente cuando un cliente no puede enviar un mensaje a un miembro de una cola distribuida, lo que permite a usuarios autentificados remotamente evitar las restricciones de acceso previstas para colas distribuidas protegidas. • http://dev2dev.bea.com/pub/advisory/268 http://secunia.com/advisories/29041 http://www.securitytracker.com/id?1019447 http://www.vupen.com/english/advisories/2008/0612/references • CWE-264: Permissions, Privileges, and Access Controls •