Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea weblogic server 5.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2003-1438
Race condition in BEA WebLogic Server and Express 5.1 up to and including 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended f...
Bea Weblogic Server 7.0
Bea Weblogic Server 5.1
Bea Weblogic Server 6.0
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0.0.1
NA
CVE-2004-2320
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and previous versions, 7.0 SP4 and previous versions, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote malicious users to steal information using cross-site tracin...
Bea Weblogic Server 5.1
Bea Weblogic Server 8.1
Bea Weblogic Server 7.0
Bea Weblogic Server 6.1
NA
CVE-2002-1030
Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote malicious users to cause a denial of service (crash) via a flood of data and connections.
Bea Weblogic Server 5.1
Bea Weblogic Server 6.1
Bea Weblogic Server 6.0
Bea Weblogic Server 7.0
NA
CVE-2000-0500
The default configuration of BEA WebLogic 5.1.0 allows a remote malicious user to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.
Bea Weblogic Server 5.1
Bea Weblogic Server 3.1.8
Bea Weblogic Server 4.5
Bea Weblogic Server 4.0
1 EDB exploit
NA
CVE-2003-0733
Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 up to and including 7.0, allow remote malicious users to execute arbitrary web script and steal authentication credentials via (1) a forwa...
Bea Weblogic Server 5.1
Bea Weblogic Integration 2.0
Bea Liquid Data 1.1
Bea Weblogic Integration 7.0
Bea Weblogic Server 7.0
NA
CVE-2007-5576
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate malicious users to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
Bea Weblogic Server 8.1
Bea Weblogic Server 7.0
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 6.1
Bea Tuxedo 8.0
Bea Weblogic Integration 8.1
Bea Weblogic Server 9.0
Bea Weblogic Server 9.2
Bea Weblogic Workshop 8.1
Bea Weblogic Integration 9.2
Bea Weblogic Server 5.1
Bea Weblogic Server 9.1
Bea Tuxedo 8.1
Oracle Weblogic Portal 9.2
NA
CVE-2008-3257
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and previous versions allows remote malicious users to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /....
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 6.1
Bea Weblogic Server 4.5.2
Bea Weblogic Server 4.5.1
Bea Weblogic Server 7.0
Bea Weblogic Server 9.2
Bea Weblogic Server 8.1
Bea Weblogic Server 9.0
Bea Weblogic Server 6.0
Bea Weblogic Server 5.1
Oracle Weblogic Server
Bea Weblogic Server 3.1.8
Bea Weblogic Server 4.5
Bea Weblogic Server 9.1
Bea Weblogic Server 10.0
Bea Systems Weblogic Server 10.0 Mp1
Bea Weblogic Server 4.0.4
Bea Systems Apache Connector In Weblogic Server
Bea Weblogic Server 4.0
2 EDB exploits
1 Github repository
NA
CVE-2003-0621
The Administration Console for BEA Tuxedo 8.1 and previous versions allows remote malicious users to determine the existence of files outside the web root via modified paths in the INIFILE argument.
Bea Tuxedo 8.0
Bea Tuxedo 7.1
Bea Weblogic Server 4.2
Bea Tuxedo 6.5
Bea Weblogic Server 5.1
Bea Tuxedo 6.3
Bea Tuxedo 6.4
Bea Tuxedo 8.1
Bea Weblogic Server 5.0.1
1 EDB exploit
NA
CVE-2003-0622
The Administration Console for BEA Tuxedo 8.1 and previous versions allows remote malicious users to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX.
Bea Tuxedo 8.0
Bea Tuxedo 7.1
Bea Weblogic Server 4.2
Bea Tuxedo 6.5
Bea Weblogic Server 5.1
Bea Tuxedo 6.3
Bea Tuxedo 6.4
Bea Tuxedo 8.1
Bea Weblogic Server 5.0.1
NA
CVE-2003-0623
Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and previous versions allows remote malicious users to inject arbitrary web script via the INIFILE argument.
Bea Tuxedo 8.0
Bea Tuxedo 7.1
Bea Weblogic Server 4.2
Bea Tuxedo 6.5
Bea Weblogic Server 5.1
Bea Tuxedo 6.3
Bea Tuxedo 6.4
Bea Tuxedo 8.1
Bea Weblogic Server 5.0.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »