Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea weblogic server 9.1 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2007-0416
The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote malicious users to bypass application security.
Bea Weblogic Server 9.1
Bea Weblogic Server 9.0
4
CVSSv2
CVE-2007-2700
The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensitive information.
Bea Weblogic Server 9.1
Bea Weblogic Server 9.0
5
CVSSv2
CVE-2008-0863
BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote malicious users to obtain sensitive information and potentially launch further attacks.
Bea Weblogic Server 9.1
Bea Weblogic Server 9.0
7.1
CVSSv2
CVE-2007-2699
The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.
Bea Weblogic Server 9.0
Bea Weblogic Server 9.1
6.4
CVSSv2
CVE-2010-2375
Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote malicious users to affect confidentiality and inte...
Oracle Weblogic Server 10.3.2.0.0
Bea Weblogic Server 9.2
Bea Weblogic Server 9.0
Bea Weblogic Server 9.1
Bea Systems Weblogic Server 10.0
Oracle Weblogic Server 10.3.3.0.0
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
1 EDB exploit
10
CVSSv2
CVE-2008-3257
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and previous versions allows remote malicious users to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /....
Bea Weblogic Server 3.1.8
Bea Weblogic Server 4.5.1
Bea Weblogic Server 4.5.2
Bea Weblogic Server 5.1
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
Bea Weblogic Server 9.0
Bea Weblogic Server 9.1
Bea Weblogic Server 10.0
Bea Weblogic Server 6.0
Bea Weblogic Server 9.2
Bea Weblogic Server 4.0
Bea Weblogic Server 4.0.4
Bea Systems Apache Connector In Weblogic Server
Bea Weblogic Server 4.5
Bea Systems Weblogic Server 10.0 Mp1
Oracle Weblogic Server
2 EDB exploits
1 Github repository
6.8
CVSSv2
CVE-2007-5576
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate malicious users to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
Bea Weblogic Integration 8.1
Bea Weblogic Integration 9.2
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
Bea Weblogic Server 9.1
Bea Weblogic Server 9.2
Bea Weblogic Workshop 8.1
Bea Weblogic Server 9.0
Bea Tuxedo 8.0
Bea Tuxedo 8.1
Oracle Weblogic Portal 9.2
Bea Weblogic Server 5.1
7.5
CVSSv2
CVE-2007-4614
BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow malicious users to bypass intended restrictions, a different vulnerability than CVE-2007-0426.
Bea Weblogic Server 9.1
5.1
CVSSv2
CVE-2008-2581
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors related to UDDI Explorer.
Oracle Bea Product Suite 10.0
Oracle Bea Product Suite 7.0
Oracle Weblogic Server Component 8.1
Oracle Weblogic Server Component 9.0
Oracle Bea Product Suite 8.1
Oracle Bea Product Suite 9.0
Oracle Weblogic Server Component 9.1
Oracle Weblogic Server Component 9.2
Oracle Bea Product Suite 9.1
Oracle Bea Product Suite 9.2
Oracle Weblogic Server Component 10.0
Oracle Weblogic Server Component 7.0
5
CVSSv2
CVE-2008-2580
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, and 9.0 has unknown impact and remote attack vectors.
Oracle Bea Product Suite
Oracle Bea Product Suite 10.0
Oracle Bea Product Suite 9.0
Oracle Bea Product Suite 9.1
Oracle Bea Product Suite 9.2
Oracle Weblogic Server Component
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
brute force
CVE-2024-24908
open redirect
CVE-2024-31497
CVE-2023-45866
CVE-2024-4135
CVE-2024-25523
cache poisoning
CVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »