Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea weblogic server vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2003-0624
Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and previous versions allows remote malicious users to inject malicious web script via the person parameter.
Bea Weblogic Server
Bea Weblogic Server 3.1.8
1 EDB exploit
5
CVSSv2
CVE-2003-0621
The Administration Console for BEA Tuxedo 8.1 and previous versions allows remote malicious users to determine the existence of files outside the web root via modified paths in the INIFILE argument.
Bea Tuxedo 6.3
Bea Tuxedo 6.4
Bea Weblogic Server 5.1
Bea Weblogic Server 4.2
Bea Weblogic Server 5.0.1
Bea Tuxedo 6.5
Bea Tuxedo 7.1
Bea Tuxedo 8.0
Bea Tuxedo 8.1
1 EDB exploit
5
CVSSv2
CVE-2003-0622
The Administration Console for BEA Tuxedo 8.1 and previous versions allows remote malicious users to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX.
Bea Weblogic Server 4.2
Bea Weblogic Server 5.0.1
Bea Tuxedo 8.0
Bea Tuxedo 8.1
Bea Tuxedo 6.3
Bea Tuxedo 6.4
Bea Weblogic Server 5.1
Bea Tuxedo 6.5
Bea Tuxedo 7.1
4.3
CVSSv2
CVE-2003-0623
Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and previous versions allows remote malicious users to inject arbitrary web script via the INIFILE argument.
Bea Tuxedo 8.1
Bea Weblogic Server 4.2
Bea Tuxedo 6.5
Bea Tuxedo 7.1
Bea Tuxedo 8.0
Bea Weblogic Server 5.0.1
Bea Weblogic Server 5.1
Bea Tuxedo 6.3
Bea Tuxedo 6.4
2.1
CVSSv2
CVE-2003-1224
Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows malicious users to read a user's password by physically observing ("shoulder surfing") the screen.
Bea Weblogic Server 7.0
Bea Weblogic Server 7.0.0.1
2.1
CVSSv2
CVE-2003-1225
The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords.
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 7.0
5
CVSSv2
CVE-2006-0420
BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 through SP6 does not properly handle when servlets use relative forwarding, which allows remote malicious users to cause a denial of service (slowdown) via unknown attack vectors that cause "looping stack overf...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
4.6
CVSSv2
CVE-2006-0421
By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges th...
Bea Weblogic Server 7.0
Bea Weblogic Server 6.1
7.1
CVSSv2
CVE-2007-2699
The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.
Bea Weblogic Server 9.0
Bea Weblogic Server 9.1
4.6
CVSSv2
CVE-2007-2701
The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and password, or when the connection URL is not defined, allows remote malicious users to bypass the security access policy and "send unauthorized...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »