Page 20 of 118 results (0.009 seconds)

CVSS: 6.8EPSS: 3%CPEs: 15EXPL: 4

Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action. • https://www.exploit-db.com/exploits/25546 http://marc.info/?l=bugtraq&m=111472745503010&w=2 http://secunia.com/advisories/15128 http://securitytracker.com/alerts/2005/Apr/1013817.html http://www.osvdb.org/15895 http://www.red-database-security.com/advisory/bea_css_in_admin_console.html http://www.securityfocus.com/bid/13400 https://exchange.xforce.ibmcloud.com/vulnerabilities/20276 •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA05-74.00.jsp http://secunia.com/advisories/14298 •

CVSS: 4.6EPSS: 0%CPEs: 46EXPL: 0

BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_50.00.jsp http://secunia.com/advisories/10728 http://www.kb.cert.org/vuls/id/350350 http://www.securityfocus.com/bid/9501 https://exchange.xforce.ibmcloud.com/vulnerabilities/14957 •

CVSS: 5.0EPSS: 1%CPEs: 15EXPL: 0

BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service (network port consumption) via unknown actions in HTTPS sessions, which prevents the server from releasing the network port when the session ends. • http://dev2dev.bea.com/pub/advisory/7 http://secunia.com/advisories/11864 http://securitytracker.com/id?1010492 http://www.osvdb.org/7076 http://www.securityfocus.com/bid/10544 https://exchange.xforce.ibmcloud.com/vulnerabilities/16419 •

CVSS: 5.8EPSS: 0%CPEs: 85EXPL: 0

The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. • http://dev2dev.bea.com/pub/advisory/68 http://secunia.com/advisories/10726 http://www.kb.cert.org/vuls/id/867593 http://www.osvdb.org/3726 http://www.securityfocus.com/bid/9506 http://www.securitytracker.com/alerts/2004/Jan/1008866.html https://exchange.xforce.ibmcloud.com/vulnerabilities/14959 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •