Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea weblogic server vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2007-0415
BEA WebLogic Server 8.1 up to and including 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows malicious users to bypass intended access restrictions.
Bea Weblogic Server
Bea Weblogic Server 8.1
505
VMScore
CVE-2003-0621
The Administration Console for BEA Tuxedo 8.1 and previous versions allows remote malicious users to determine the existence of files outside the web root via modified paths in the INIFILE argument.
Bea Tuxedo 8.0
Bea Tuxedo 7.1
Bea Weblogic Server 4.2
Bea Tuxedo 6.5
Bea Weblogic Server 5.1
Bea Tuxedo 6.3
Bea Tuxedo 6.4
Bea Tuxedo 8.1
Bea Weblogic Server 5.0.1
1 EDB exploit
445
VMScore
CVE-2003-0622
The Administration Console for BEA Tuxedo 8.1 and previous versions allows remote malicious users to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX.
Bea Tuxedo 8.0
Bea Tuxedo 7.1
Bea Weblogic Server 4.2
Bea Tuxedo 6.5
Bea Weblogic Server 5.1
Bea Tuxedo 6.3
Bea Tuxedo 6.4
Bea Tuxedo 8.1
Bea Weblogic Server 5.0.1
383
VMScore
CVE-2003-0623
Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and previous versions allows remote malicious users to inject arbitrary web script via the INIFILE argument.
Bea Tuxedo 8.0
Bea Tuxedo 7.1
Bea Weblogic Server 4.2
Bea Tuxedo 6.5
Bea Weblogic Server 5.1
Bea Tuxedo 6.3
Bea Tuxedo 6.4
Bea Tuxedo 8.1
Bea Weblogic Server 5.0.1
409
VMScore
CVE-2006-0421
By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges th...
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
187
VMScore
CVE-2006-0427
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted.
Bea Weblogic Server 9.0
Bea Weblogic Server 8.1
409
VMScore
CVE-2005-4752
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, and 7.0 SP6 and previous versions, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security ...
Bea Weblogic Server 8.1
Bea Weblogic Server 7.0
668
VMScore
CVE-2005-4756
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, and 7.0 SP5 and previous versions, do not properly validate derived Principals with multiple PrincipalValidators, which might allow malicious users to gain privileges.
Bea Weblogic Server 8.1
Bea Weblogic Server 7.0
668
VMScore
CVE-2005-4757
BEA WebLogic Server and WebLogic Express 8.1 SP3 and previous versions, and 7.0 SP5 and previous versions, do not properly "constrain" a "/" (slash) servlet root URL pattern, which might allow remote malicious users to bypass intended servlet protections.
Bea Weblogic Server 8.1
Bea Weblogic Server 7.0
454
VMScore
CVE-2005-4760
BEA WebLogic Server and WebLogic Express 8.1 SP3 and previous versions, and 7.0 SP5 and previous versions, when fullyDelegatedAuthorization is enabled for a servlet, does not cause servlet deployment to fail when failures occur in authorization or role providers, which might prev...
Bea Weblogic Server 8.1
Bea Weblogic Server 7.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »