CVE-2008-0904
https://notcve.org/view.php?id=CVE-2008-0904
Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL. Vulnerabilidad sin especificar en el servlet download de BEA Plumtree Collaboration de 4.1 a SP2 y AquaLogic Interaction de 4.2 a MP1 permite a atacantes remotos leer archivos de su elección a través de un URL manipulado. • http://dev2dev.bea.com/pub/advisory/276 http://osvdb.org/41881 http://secunia.com/advisories/28991 http://www.securitytracker.com/id?1019437 http://www.vupen.com/english/advisories/2008/0607/references • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-0867
https://notcve.org/view.php?id=CVE-2008-0867
Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA AquaLogic Interaction 6.1 through MP1 and Plumtree Foundation 6.0 through SP1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo portal/server.pt en BEA AquaLogic Interaction versión 6.1 hasta MP1 y Plumtree Foundation versión 6.0 hasta SP1, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro name. • http://dev2dev.bea.com/pub/advisory/259 http://secunia.com/advisories/29040 http://www.procheckup.com/Vulnerability_PR06-12.php http://www.securityfocus.com/archive/1/488346/100/100/threaded http://www.securitytracker.com/id?1019440 http://www.vupen.com/english/advisories/2008/0610 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •