Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
weblogic server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2003-1290
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote malicious users to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI).
Bea Weblogic Server 6.0
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-1742
BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools."
Bea Weblogic Server 6.0
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 7.0.0.1
Oracle Weblogic Portal 8.0
Bea Weblogic Server 8.1
NA
CVE-2005-1745
The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for malicious users to guess the correct password.
Bea Weblogic Server 6.0
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 8.1
Oracle Weblogic Portal 8.0
NA
CVE-2005-1748
The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which may allow remote malicious users to view user entries or cause a denial of service.
Bea Weblogic Server 6.0
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
Oracle Weblogic Portal 8.0
NA
CVE-2005-1749
Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote malicious users to cause a denial of service (CPU consumption from thread looping).
Bea Weblogic Server 6.0
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 8.1
Oracle Weblogic Portal 8.0
NA
CVE-2005-1743
BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security provider throws an exception, which may cause WebLogic to use incorrect identity for the thread, or to fail to audit security exceptions.
Oracle Weblogic Portal 8.0
Bea Weblogic Server 6.0
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-1746
The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote malicious users to cause a denial of service (cluster slowdown) via modified cooki...
Bea Weblogic Server 6.0
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
Oracle Weblogic Portal 8.0
NA
CVE-2005-1747
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote malicious users to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_usern...
Oracle Weblogic Portal 8.0
Bea Weblogic Server 6.0
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2007-5576
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate malicious users to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
Bea Weblogic Integration 8.1
Bea Weblogic Integration 9.2
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
Bea Weblogic Server 9.1
Bea Weblogic Server 9.2
Bea Weblogic Workshop 8.1
Bea Weblogic Server 9.0
Bea Tuxedo 8.0
Bea Tuxedo 8.1
Oracle Weblogic Portal 9.2
Bea Weblogic Server 5.1
NA
CVE-2007-0409
BEA WebLogic 7.0 up to and including 7.0 SP6, 8.1 up to and including 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password.
Bea Weblogic Server 9.0
Bea Weblogic Server
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »