Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea weblogic server 6.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2003-1290
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote malicious users to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI).
Bea Weblogic Server 6.0
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2003-1438
Race condition in BEA WebLogic Server and Express 5.1 up to and including 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended f...
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 5.1
Bea Weblogic Server 6.0
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
NA
CVE-2006-2469
The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 stores the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows malicious users to gain privileges.
Bea Weblogic Server 6.0
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
Bea Weblogic Server 6.1
Bea Weblogic Server 9.0
NA
CVE-2006-2472
Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 through SP5, 7.0 through SP6, and 6.1 through SP7 allows untrusted applications to obtain private server keys.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
Bea Weblogic Server 9.0
Bea Weblogic Server 9.1
NA
CVE-2007-2695
The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote mali...
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
Bea Weblogic Server 9.0
Bea Weblogic Server 9.1
NA
CVE-2007-2694
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
Bea Weblogic Server 9.1
Bea Weblogic Server 9.0
NA
CVE-2003-1093
BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 7.0.0.1
NA
CVE-2007-0412
BEA WebLogic Server 6.1 up to and including 6.1 SP7, 7.0 up to and including 7.0 SP7, and 8.1 up to and including 8.1 SP5 allows remote malicious users to read arbitrary files inside the class-path property via .ear or exploded .ear files that use the manifest class-path property...
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2006-0422
Multiple unspecified vulnerabilities in BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allow remote malicious users to access MBean attributes or cause an unspecified denial of service via unknown attack vectors.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2004-0713
The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remov...
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »