CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2007-0417
https://notcve.org/view.php?id=CVE-2007-0417
23 Jan 2007 — BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity. BEA WebLogic Server 7.0 hasta 7.0 SP7, 8.1 hasta 8.1 SP5, 9.0, y 9.1, cuando se usa el dominio de compatibilidad con WebLogic Server 6.1, permite a los atacantes ejecutar determinadas operaciones de persistencia de contenedores EJB con una identidad administrativa. • http://dev2dev.bea.com/pub/advisory/211 •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2007-0418
https://notcve.org/view.php?id=CVE-2007-0418
23 Jan 2007 — BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods. BEA WebLogic Server 7.0 hasta 7.0 SP6, 8.1 hasta 8.1 SP5, 9.0, y 9.1 no hace cmplir las políticas de seguridad que declara los permisos para los métodos EJB que tienen parámetros array, lo cual permite a atacantes remotos obtener acceso no autorizado a e... • http://dev2dev.bea.com/pub/advisory/212 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2007-0425
https://notcve.org/view.php?id=CVE-2007-0425
23 Jan 2007 — Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows attackers to gain privileges via unspecified vectors, related to an "overflow condition," probably a buffer overflow. Vulnerabilidad no especificada en BEA WebLogic Platform and Server 8.1 hasta 8.1 SP5, y JRockit 1.4.2 R4.5 y anteriores, permite a los atacantes obtener privilegios a través de vectores no especificados, relacionados con una "condición de desbordamiento", probablement... • http://dev2dev.bea.com/pub/advisory/222 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1744
https://notcve.org/view.php?id=CVE-2005-1744
24 May 2005 — BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings. • http://dev2dev.bea.com/pub/advisory/127 • CWE-459: Incomplete Cleanup •
CVSS: 5.3EPSS: 6%CPEs: 9EXPL: 2CVE-2003-0621 – BEA Tuxedo 6/7/8 and WebLogic Enterprise 4/5 - Input Validation
https://notcve.org/view.php?id=CVE-2003-0621
05 Nov 2003 — The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument. La consola de adminstración de BEA Tuxedo 8.1 y anteriores permite a atacantes remotos determinar la existencia de ficheros fuera de la raíz web mediante rutas modificadas en el argumento INFILE. • https://www.exploit-db.com/exploits/23312 •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2003-0622
https://notcve.org/view.php?id=CVE-2003-0622
05 Nov 2003 — The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX. La consola de adminstración de BEA Tuxedo 8.1 y anteriores permite a atacantes remotos causar una denegación de servicio (cuelgue) mediante argumentos de nombre de ruta que contienen nombres de dispositivos de MS-DOS como CON o AUX. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 1CVE-2003-0623
https://notcve.org/view.php?id=CVE-2003-0623
05 Nov 2003 — Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument. Vulnerabilidad de scripts en sitios cruzados en la consola de adminstración de BEA Tuxedo 8.1 y anteriores permite a atacantes remotos inyectar script web arbitrario mediante una argumento INFILE. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp •
CVSS: 6.1EPSS: 3%CPEs: 2EXPL: 2CVE-2003-0624 – BEA WebLogic 6/7/8 - InteractiveQuery.jsp Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-0624
05 Nov 2003 — Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter. Vulnerabilidad de scripts en sitios cruzados en Interactive.jsp de BEA WebLogic 8.1 y anteriores permite a atacantes remotos inyectar script web malicioso mediante el parámetro person. • https://www.exploit-db.com/exploits/23315 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 31%CPEs: 1EXPL: 3CVE-2001-0098 – BEA Systems WebLogic Server 4.0 x/4.5 x/5.1 x - Double Dot Buffer Overflow
https://notcve.org/view.php?id=CVE-2001-0098
02 Feb 2001 — Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string. • https://www.exploit-db.com/exploits/20516 •
CVSS: 10.0EPSS: 20%CPEs: 1EXPL: 0CVE-2000-0681
https://notcve.org/view.php?id=CVE-2000-0681
13 Oct 2000 — Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension. • http://archives.neohapsis.com/archives/bugtraq/2000-08/0186.html •