Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oracle weblogic portal 8.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-0864
Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote malicious users to bypass intended access restrictions.
Bea Systems Weblogic Portal 8.1 Sp6
Oracle Weblogic Portal 8.1
NA
CVE-2008-0865
Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote malicious users to bypass entitlements for instances of a floatable WLP portlet via unknown vectors.
Oracle Weblogic Portal 8.1
Bea Systems Weblogic Portal 8.1 Sp6
NA
CVE-2006-0423
BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows malicious users to gain privileges.
Oracle Weblogic Portal 8.1
NA
CVE-2006-0425
BEA WebLogic Portal 8.1 through SP4 allows remote malicious users to obtain the source for a deployment descriptor file via unknown vectors.
Oracle Weblogic Portal 8.1
NA
CVE-2005-2680
Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote malicious users to bypass access restrictions for the pages of a Book via crafted URLs.
Oracle Weblogic Portal 8.1
NA
CVE-2006-0428
Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote malicious users to access restricted web resources via crafted URLs.
Oracle Weblogic Portal 8.1
NA
CVE-2006-1358
Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user.
Oracle Weblogic Portal 8.1
NA
CVE-2005-1747
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote malicious users to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_usern...
Oracle Weblogic Portal 8.0
Bea Weblogic Server 6.0
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-1742
BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools."
Bea Weblogic Server 6.0
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 7.0.0.1
Oracle Weblogic Portal 8.0
Bea Weblogic Server 8.1
NA
CVE-2005-1745
The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for malicious users to guess the correct password.
Bea Weblogic Server 6.0
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 8.1
Oracle Weblogic Portal 8.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »