Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea systems vulnerabilities and exploits
(subscribe to this query)
694
VMScore
CVE-2008-0904
Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote malicious users to read arbitrary files via a crafted URL.
Bea Systems Plumtree Collaboration 4.1 Sp2
Bea Systems Aqualogic Interaction 4.2
Bea Systems Plumtree Collaboration 4.1 Sp1
Bea Systems Plumtree Collaboration 4.1
Bea Systems Aqualogic Interaction 4.2 Mp1
383
VMScore
CVE-2008-0903
Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and prior to 9.2 MP3 and 10.0 MP2, allows remote malicious users to cause a denial of service (web server crash) via a crafted URL.
Bea Systems Weblogic Server
Bea Systems Weblogic Express
536
VMScore
CVE-2008-0900
Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.
Bea Weblogic Server 9.2
Bea Weblogic Server 8.1
Bea Systems Weblogic Express 10.0
Bea Weblogic Server 10.0
Bea Systems Weblogic Express 9.2
436
VMScore
CVE-2008-0896
BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows malicious users to bypass intended access restrictions.
Bea Systems Weblogic Portal 10.0
Bea Systems Weblogic Portal 9.2
383
VMScore
CVE-2008-0867
Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA AquaLogic Interaction 6.1 through MP1 and Plumtree Foundation 6.0 through SP1 allows remote malicious users to inject arbitrary web script or HTML via the name parameter.
Bea Systems Plumtree Foundation 6.0
Bea Systems Aqualogic Interaction 6.1
668
VMScore
CVE-2008-0870
BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote malicious users to sniff the session.
Bea Systems Weblogic Portal 9.2
Bea Systems Weblogic Portal 10.0
Oracle Weblogic Portal 9.2
383
VMScore
CVE-2008-0869
Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 up to and including 10.0 allows remote malicious users to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic ...
Bea Weblogic Server 9.0
Bea Weblogic Server 9.2
Bea Weblogic Workshop 8.1
Bea Weblogic Server 9.1
Bea Systems Weblogic 10.0
632
VMScore
CVE-2008-0901
BEA WebLogic Server and Express 7.0 up to and including 10.0 allows remote malicious users to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.
Bea Weblogic Server 7.0
Bea Weblogic Server 9.2
Bea Weblogic Server 8.1
Bea Weblogic Server 9.0
Bea Weblogic Server 9.1
Bea Weblogic Server 10.0
Bea Systems Weblogic Server 10.0 Mp1
383
VMScore
CVE-2008-0902
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 up to and including 10.0 MP1 allow remote malicious users to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
Bea Weblogic Server 9.0
Bea Weblogic Server 10.0
Bea Systems Weblogic Server 10.0 Mp1
Bea Weblogic Server 9.1
1000
VMScore
CVE-2008-3257
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and previous versions allows remote malicious users to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /....
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 6.1
Bea Weblogic Server 4.5.2
Bea Weblogic Server 4.5.1
Bea Weblogic Server 7.0
Bea Weblogic Server 9.2
Bea Weblogic Server 8.1
Bea Weblogic Server 9.0
Bea Weblogic Server 6.0
Bea Weblogic Server 5.1
Oracle Weblogic Server
Bea Weblogic Server 3.1.8
Bea Weblogic Server 4.5
Bea Weblogic Server 9.1
Bea Weblogic Server 10.0
Bea Systems Weblogic Server 10.0 Mp1
Bea Weblogic Server 4.0.4
Bea Systems Apache Connector In Weblogic Server
Bea Weblogic Server 4.0
2 EDB exploits
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »