Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2000-0500
The default configuration of BEA WebLogic 5.1.0 allows a remote malicious user to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.
Bea Weblogic Server 5.1
Bea Weblogic Server 3.1.8
Bea Weblogic Server 4.5
Bea Weblogic Server 4.0
1 EDB exploit
NA
CVE-2008-0899
Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 up to and including 10.0 allows remote malicious users to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page.
Bea Weblogic Server 9.0
Bea Weblogic Server 9.2
Bea Weblogic Server 9.1
Bea Weblogic Server 10.0
NA
CVE-2007-6197
The Plumtree portal in BEA AquaLogic Interaction 5.0.2 up to and including 5.0.4 and 6.0.1.218452 allows remote malicious users to obtain version numbers and internal hostnames by reading comments in the HTML source of any page.
Bea Aqualogic Interaction 6.0.1.218452
Bea Aqualogic Interaction 5.0.2
Bea Aqualogic Interaction 5.0.3
Bea Aqualogic Interaction 5.0.4
NA
CVE-2007-6198
portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 up to and including 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote malicious users to enumerate valid usernames via the in_tx_fulltext parameter.
Bea Aqualogic Interaction 6.0.1.218452
Bea Aqualogic Interaction 5.0.2
Bea Aqualogic Interaction 5.0.3
Bea Aqualogic Interaction 5.0.4
1 EDB exploit
NA
CVE-2008-0898
The distributed queue feature in JMS in BEA WebLogic Server 9.0 up to and including 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access ...
Bea Weblogic Server 9.2
Bea Weblogic Server 9.0
Bea Weblogic Server 9.1
Bea Weblogic Server 10.0
NA
CVE-2003-1220
BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 up to and including 8.1 SP 1 allows remote malicious users to cause a denial of service (proxy plugin crash) via a malformed URL.
Bea Weblogic Server 8.1
Bea Weblogic Server 7.0
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0.0.1
NA
CVE-2003-1223
The Node Manager for BEA WebLogic Express and Server 6.1 up to and including 8.1 SP 1 allows remote malicious users to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as demonstrated by nmap.
Bea Weblogic Server 8.1
Bea Weblogic Server 7.0
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0.0.1
NA
CVE-2007-2697
The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote malicious users to more easily conduct brute-force atta...
Bea Weblogic Server 8.1
Bea Weblogic Server 7.0
Bea Weblogic Server 9.0
Bea Weblogic Server 9.1
NA
CVE-2008-0897
Unspecified vulnerability in BEA WebLogic Server 9.0 up to and including 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member dest...
Bea Weblogic Server 9.0
Bea Weblogic Server 9.2
Bea Weblogic Server 9.1
Bea Weblogic Server 10.0
NA
CVE-2007-0410
Unspecified vulnerability in the thread management in BEA WebLogic 7.0 up to and including 7.0 SP6, 8.1 up to and including 8.1 SP5, 9.0, and 9.1, when T3 authentication is used, allows remote malicious users to cause a denial of service (thread and system hang) via unspecified &...
Bea Weblogic Server 8.1
Bea Weblogic Server 9.0
Bea Weblogic Server 7.0
Bea Weblogic Server 9.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »