CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2008-5675
https://notcve.org/view.php?id=CVE-2008-5675
Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 has unknown impact and attack vectors related to "Access problems with BasicAuthTAI." Vulnerabilidad inespecifica en IBM WebSphere Portal v6.0 anteriores a v6.0.1.5 tiene un impacto desconocido y vectores de ataque relacionados con "problemas de acceso con BasicAuthTAI". • http://secunia.com/advisories/33132 http://www-01.ibm.com/support/docview.wss?uid=swg27007603 http://www-1.ibm.com/support/docview.wss?uid=swg1PK75304 http://www.osvdb.org/50720 http://www.vupen.com/english/advisories/2008/3427 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0CVE-2008-3423
https://notcve.org/view.php?id=CVE-2008-3423
IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors. IBM WebSphere Portal 5.1 hasta la 6.1.0.0 permite a atacantes remotos saltarse la autenticación y obtener acceso administrativo a través de vectores no especificados. • http://secunia.com/advisories/31443 http://www-1.ibm.com/support/docview.wss?uid=swg1PK67104 http://www.securityfocus.com/bid/30500 http://www.securitytracker.com/id?1020712 http://www.vupen.com/english/advisories/2008/2405 https://exchange.xforce.ibmcloud.com/vulnerabilities/44264 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 1CVE-2007-3127 – WSPortal 1.0 - 'content.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-3127
content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message. content.php de WSPortal 1.0, cuando magic_quotes_gpc está deshabilitado, permite a atacantes remotos obtener información sensible mediante una secuencia "';" (comilla simple, punto y coma) en el parámetro page, lo cual revela la ruta de instalación en el mensaje de SQL forzado resultante. • https://www.exploit-db.com/exploits/30197 http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0368.html http://www.netvigilance.com/advisory0032 http://www.osvdb.org/34164 http://www.securityfocus.com/archive/1/471619/100/0/threaded http://www.vupen.com/english/advisories/2007/2237 https://exchange.xforce.ibmcloud.com/vulnerabilities/34894 •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3128
https://notcve.org/view.php?id=CVE-2007-3128
SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter. Vulnerabilidad de inyección SQL en content.php de WSPortal 1.0, cuando magic_quotes_gpc está deshabilitado, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro page. WSportal version 1.0 suffers from a SQL injection vulnerability. • http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0369.html http://www.netvigilance.com/advisory0033 http://www.osvdb.org/34164 http://www.securityfocus.com/archive/1/471629/100/0/threaded http://www.securityfocus.com/bid/24513 http://www.vupen.com/english/advisories/2007/2237 https://exchange.xforce.ibmcloud.com/vulnerabilities/34896 •