Page 4 of 18 results (0.005 seconds)

CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0

IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors. IBM WebSphere Portal 5.1 hasta la 6.1.0.0 permite a atacantes remotos saltarse la autenticación y obtener acceso administrativo a través de vectores no especificados. • http://secunia.com/advisories/31443 http://www-1.ibm.com/support/docview.wss?uid=swg1PK67104 http://www.securityfocus.com/bid/30500 http://www.securitytracker.com/id?1020712 http://www.vupen.com/english/advisories/2008/2405 https://exchange.xforce.ibmcloud.com/vulnerabilities/44264 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 1

content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message. content.php de WSPortal 1.0, cuando magic_quotes_gpc está deshabilitado, permite a atacantes remotos obtener información sensible mediante una secuencia "';" (comilla simple, punto y coma) en el parámetro page, lo cual revela la ruta de instalación en el mensaje de SQL forzado resultante. • https://www.exploit-db.com/exploits/30197 http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0368.html http://www.netvigilance.com/advisory0032 http://www.osvdb.org/34164 http://www.securityfocus.com/archive/1/471619/100/0/threaded http://www.vupen.com/english/advisories/2007/2237 https://exchange.xforce.ibmcloud.com/vulnerabilities/34894 •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter. Vulnerabilidad de inyección SQL en content.php de WSPortal 1.0, cuando magic_quotes_gpc está deshabilitado, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro page. WSportal version 1.0 suffers from a SQL injection vulnerability. • http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0369.html http://www.netvigilance.com/advisory0033 http://www.osvdb.org/34164 http://www.securityfocus.com/archive/1/471629/100/0/threaded http://www.securityfocus.com/bid/24513 http://www.vupen.com/english/advisories/2007/2237 https://exchange.xforce.ibmcloud.com/vulnerabilities/34896 •