CVE-2007-5576
https://notcve.org/view.php?id=CVE-2007-5576
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands. BEA Tuxedo 8.0 anterior al RP392 y el 8.1 anterior al RP293 y el WebLogic Enterprise 5.1 anterior al RP174, muestra la contraseña en texto claro, lo que permite a atacantes físicamente próximos obtener información sensible a través de los comandos (1) cnsbind, (2) cnsunbind o (3) cnsls. • http://dev2dev.bea.com/pub/advisory/226 http://osvdb.org/45478 http://www.vupen.com/english/advisories/2007/1813 https://exchange.xforce.ibmcloud.com/vulnerabilities/34290 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2006-1358
https://notcve.org/view.php?id=CVE-2006-1358
Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user. • ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip http://dev2dev.bea.com/pub/advisory/182 http://secunia.com/advisories/19308 http://securitytracker.com/id?1015791 http://www.securityfocus.com/bid/17164 http://www.vupen.com/english/advisories/2006/1022 https://exchange.xforce.ibmcloud.com/vulnerabilities/25345 •
CVE-2006-0428
https://notcve.org/view.php?id=CVE-2006-0428
Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote attackers to access restricted web resources via crafted URLs. • http://dev2dev.bea.com/pub/advisory/172 http://secunia.com/advisories/18593 http://securitytracker.com/id?1015528 http://www.osvdb.org/22767 http://www.securityfocus.com/bid/16358 http://www.vupen.com/english/advisories/2006/0312 https://exchange.xforce.ibmcloud.com/vulnerabilities/24293 •
CVE-2006-0425
https://notcve.org/view.php?id=CVE-2006-0425
BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors. • http://dev2dev.bea.com/pub/advisory/169 http://secunia.com/advisories/18593 http://securitytracker.com/id?1015528 http://www.securityfocus.com/bid/16358 http://www.vupen.com/english/advisories/2006/0312 https://exchange.xforce.ibmcloud.com/vulnerabilities/24297 •
CVE-2006-0423
https://notcve.org/view.php?id=CVE-2006-0423
BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges. • http://dev2dev.bea.com/pub/advisory/167 http://dev2dev.bea.com/pub/advisory/262 http://secunia.com/advisories/18593 http://securitytracker.com/id?1015528 http://www.securityfocus.com/bid/16358 http://www.vupen.com/english/advisories/2006/0312 http://www.vupen.com/english/advisories/2008/0613 https://exchange.xforce.ibmcloud.com/vulnerabilities/24284 https://exchange.xforce.ibmcloud.com/vulnerabilities/40705 •