CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2007-6384
https://notcve.org/view.php?id=CVE-2007-6384
Unspecified vulnerability in the Image Converter functionality in BEA WebLogic Mobility Server 3.3, 3.5, and 3.6 through 3.6 SP1 allows remote attackers to obtain application file and resource access via unspecified vectors. Vulnerabilidad no especificada en la funcionalidad Image Converter de BEA WebLogic Mobility Server 3.3, 3.5, y 3.6 hasta la 3.6 SP1. Permite que atacantes remotos obtengan el fichero de solicitud y acceso a recursos, a través de vectores sin especificar. • http://dev2dev.bea.com/pub/advisory/255 http://osvdb.org/41880 http://secunia.com/advisories/28078 http://www.securitytracker.com/id?1019091 http://www.vupen.com/english/advisories/2007/4204 https://exchange.xforce.ibmcloud.com/vulnerabilities/39005 • CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 2%CPEs: 4EXPL: 3CVE-2007-6198 – BEA AquaLogic Interaction 6.0/6.1 Plumtree Portal - Multiple Information Disclosure Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6198
portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the in_tx_fulltext parameter. El elemento portal/server.pt en el portal Plumtree de BEA AquaLogic Interaction, desde la versión 5.0.2 a la 5.0.4, y la 6.0.1.218452, permite usar caracteres comodín (*) en búsquedas avanzadas para nombres de usuario, lo que permite que atacantes remotos obtengan listas de usuarios válidos usando el parámetro in_tx_fulltext. • https://www.exploit-db.com/exploits/30822 http://procheckup.com/Vulnerability_PR06-11.php http://secunia.com/advisories/27840 http://www.securityfocus.com/archive/1/484469/100/0/threaded http://www.securityfocus.com/bid/26620 http://www.securitytracker.com/id?1019004 http://www.vupen.com/english/advisories/2007/4040 •
CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 2CVE-2007-6197
https://notcve.org/view.php?id=CVE-2007-6197
The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page. El portal Plumtree de BEA AquaLogic Interaction, de la versión 5.0.2 a la 5.0.4, y la 6.0.1.218452, permite que atacantes remotos obtengan números de versión y nombres de máquinas internas, leyendo los comentarios en el código HTML de cualquiera de sus páginas. • http://procheckup.com/Vulnerability_PR06-08.php http://procheckup.com/Vulnerability_PR06-09.php http://secunia.com/advisories/27840 http://www.securityfocus.com/archive/1/484467/100/0/threaded http://www.securitytracker.com/id?1019005 http://www.vupen.com/english/advisories/2007/4040 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 56EXPL: 0CVE-2007-5576
https://notcve.org/view.php?id=CVE-2007-5576
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands. BEA Tuxedo 8.0 anterior al RP392 y el 8.1 anterior al RP293 y el WebLogic Enterprise 5.1 anterior al RP174, muestra la contraseña en texto claro, lo que permite a atacantes físicamente próximos obtener información sensible a través de los comandos (1) cnsbind, (2) cnsunbind o (3) cnsls. • http://dev2dev.bea.com/pub/advisory/226 http://osvdb.org/45478 http://www.vupen.com/english/advisories/2007/1813 https://exchange.xforce.ibmcloud.com/vulnerabilities/34290 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2007-4618
https://notcve.org/view.php?id=CVE-2007-4618
Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote attackers to cause a denial of service (disk consumption) via certain malformed HTTP headers. Vulnerabilidad sin especificar en el BEA WebLogic Server 6.1 Gold hata el SP7 y el 7.0 Gold hasta el SP7, permite a atacantes remotos provocar una denegación de servicio (agotamiento de disco) a través de ciertas cabeceras HTTP malformadas. • http://dev2dev.bea.com/pub/advisory/247 http://osvdb.org/38517 http://secunia.com/advisories/26539 http://www.securityfocus.com/bid/22082 http://www.vupen.com/english/advisories/2007/3008 https://exchange.xforce.ibmcloud.com/vulnerabilities/36321 • CWE-399: Resource Management Errors •