CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2007-0417
https://notcve.org/view.php?id=CVE-2007-0417
23 Jan 2007 — BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity. BEA WebLogic Server 7.0 hasta 7.0 SP7, 8.1 hasta 8.1 SP5, 9.0, y 9.1, cuando se usa el dominio de compatibilidad con WebLogic Server 6.1, permite a los atacantes ejecutar determinadas operaciones de persistencia de contenedores EJB con una identidad administrativa. • http://dev2dev.bea.com/pub/advisory/211 •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2007-0418
https://notcve.org/view.php?id=CVE-2007-0418
23 Jan 2007 — BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods. BEA WebLogic Server 7.0 hasta 7.0 SP6, 8.1 hasta 8.1 SP5, 9.0, y 9.1 no hace cmplir las políticas de seguridad que declara los permisos para los métodos EJB que tienen parámetros array, lo cual permite a atacantes remotos obtener acceso no autorizado a e... • http://dev2dev.bea.com/pub/advisory/212 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2007-0425
https://notcve.org/view.php?id=CVE-2007-0425
23 Jan 2007 — Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows attackers to gain privileges via unspecified vectors, related to an "overflow condition," probably a buffer overflow. Vulnerabilidad no especificada en BEA WebLogic Platform and Server 8.1 hasta 8.1 SP5, y JRockit 1.4.2 R4.5 y anteriores, permite a los atacantes obtener privilegios a través de vectores no especificados, relacionados con una "condición de desbordamiento", probablement... • http://dev2dev.bea.com/pub/advisory/222 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1744
https://notcve.org/view.php?id=CVE-2005-1744
24 May 2005 — BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings. • http://dev2dev.bea.com/pub/advisory/127 • CWE-459: Incomplete Cleanup •
CVSS: 6.1EPSS: 3%CPEs: 2EXPL: 2CVE-2003-0624 – BEA WebLogic 6/7/8 - InteractiveQuery.jsp Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-0624
05 Nov 2003 — Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter. Vulnerabilidad de scripts en sitios cruzados en Interactive.jsp de BEA WebLogic 8.1 y anteriores permite a atacantes remotos inyectar script web malicioso mediante el parámetro person. • https://www.exploit-db.com/exploits/23315 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 31%CPEs: 1EXPL: 3CVE-2001-0098 – BEA Systems WebLogic Server 4.0 x/4.5 x/5.1 x - Double Dot Buffer Overflow
https://notcve.org/view.php?id=CVE-2001-0098
02 Feb 2001 — Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string. • https://www.exploit-db.com/exploits/20516 •
CVSS: 10.0EPSS: 20%CPEs: 1EXPL: 0CVE-2000-0681
https://notcve.org/view.php?id=CVE-2000-0681
13 Oct 2000 — Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension. • http://archives.neohapsis.com/archives/bugtraq/2000-08/0186.html •
CVSS: 10.0EPSS: 5%CPEs: 3EXPL: 2CVE-2000-0685 – Weblogic 3.1.8/4.0.4/4.5.1 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2000-0685
13 Oct 2000 — BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file. • https://www.exploit-db.com/exploits/20125 •
CVSS: 10.0EPSS: 5%CPEs: 3EXPL: 2CVE-2000-0684 – NetZero ZeroPort 3.0 - Weak Encryption Method
https://notcve.org/view.php?id=CVE-2000-0684
13 Oct 2000 — BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file. • https://www.exploit-db.com/exploits/20081 •
CVSS: 7.5EPSS: 3%CPEs: 8EXPL: 2CVE-2000-0500 – BEA Systems WebLogic Express 3.1.8/4/5 - Source Code Disclosure
https://notcve.org/view.php?id=CVE-2000-0500
21 Jun 2000 — The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing. • https://www.exploit-db.com/exploits/20027 •