Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea weblogic server 8.1 vulnerabilities and exploits
(subscribe to this query)
4.6
CVSSv2
CVE-2005-4752
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, and 7.0 SP6 and previous versions, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security ...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
7.5
CVSSv2
CVE-2005-4757
BEA WebLogic Server and WebLogic Express 8.1 SP3 and previous versions, and 7.0 SP5 and previous versions, do not properly "constrain" a "/" (slash) servlet root URL pattern, which might allow remote malicious users to bypass intended servlet protections.
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
5
CVSSv2
CVE-2005-0432
BEA WebLogic Server 7.0 Service Pack 5 and previous versions, and 8.1 Service Pack 3 and previous versions, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote malicious users to guess passwords via brute force a...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
10
CVSSv2
CVE-2008-3257
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and previous versions allows remote malicious users to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /....
Bea Weblogic Server 3.1.8
Bea Weblogic Server 4.5.1
Bea Weblogic Server 4.5.2
Bea Weblogic Server 5.1
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
Bea Weblogic Server 9.0
Bea Weblogic Server 9.1
Bea Weblogic Server 10.0
Bea Weblogic Server 6.0
Bea Weblogic Server 9.2
Bea Weblogic Server 4.0
Bea Weblogic Server 4.0.4
Bea Systems Apache Connector In Weblogic Server
Bea Weblogic Server 4.5
Bea Systems Weblogic Server 10.0 Mp1
Oracle Weblogic Server
2 EDB exploits
1 Github repository
5
CVSSv2
CVE-2003-0621
The Administration Console for BEA Tuxedo 8.1 and previous versions allows remote malicious users to determine the existence of files outside the web root via modified paths in the INIFILE argument.
Bea Tuxedo 6.3
Bea Tuxedo 6.4
Bea Weblogic Server 5.1
Bea Weblogic Server 4.2
Bea Weblogic Server 5.0.1
Bea Tuxedo 6.5
Bea Tuxedo 7.1
Bea Tuxedo 8.0
Bea Tuxedo 8.1
1 EDB exploit
5
CVSSv2
CVE-2003-0622
The Administration Console for BEA Tuxedo 8.1 and previous versions allows remote malicious users to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX.
Bea Weblogic Server 4.2
Bea Weblogic Server 5.0.1
Bea Tuxedo 8.0
Bea Tuxedo 8.1
Bea Tuxedo 6.3
Bea Tuxedo 6.4
Bea Weblogic Server 5.1
Bea Tuxedo 6.5
Bea Tuxedo 7.1
4.3
CVSSv2
CVE-2003-0623
Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and previous versions allows remote malicious users to inject arbitrary web script via the INIFILE argument.
Bea Tuxedo 8.1
Bea Weblogic Server 4.2
Bea Tuxedo 6.5
Bea Tuxedo 7.1
Bea Tuxedo 8.0
Bea Weblogic Server 5.0.1
Bea Weblogic Server 5.1
Bea Tuxedo 6.3
Bea Tuxedo 6.4
2.1
CVSSv2
CVE-2005-4755
BEA WebLogic Server and WebLogic Express 8.1 SP3 and previous versions (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in clea...
Bea Weblogic Server 8.1
6.8
CVSSv2
CVE-2005-1380
Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote malicious users to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action.
Bea Weblogic Server 8.1
1 EDB exploit
5
CVSSv2
CVE-2003-1222
BEA Weblogic Express and Server 8.0 up to and including 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow malicious users to obtain the passwo...
Bea Weblogic Server 8.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »