Page 23 of 119 results (0.017 seconds)

CVSS: 10.0EPSS: 88%CPEs: 1EXPL: 3

Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string. • https://www.exploit-db.com/exploits/20516 http://archives.neohapsis.com/archives/bugtraq/2000-12/0331.html http://www.securityfocus.com/bid/2138 https://exchange.xforce.ibmcloud.com/vulnerabilities/5782 •

CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0

BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages. • ftp://ftpna.bea.com/pub/releases/patches/SecurityBEA00-0600.zip http://www.securityfocus.com/bid/5089 https://exchange.xforce.ibmcloud.com/vulnerabilities/5588 •

CVSS: 10.0EPSS: 3%CPEs: 3EXPL: 2

BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file. • https://www.exploit-db.com/exploits/20125 http://archives.neohapsis.com/archives/bugtraq/2000-07/0434.html http://developer.bea.com/alerts/security_000731.html http://www.securityfocus.com/bid/1525 •

CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0

BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet. • http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html http://developer.bea.com/alerts/security_000731.html http://www.osvdb.org/1481 http://www.securityfocus.com/bid/1518 •

CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0

Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension. • http://archives.neohapsis.com/archives/bugtraq/2000-08/0186.html http://www.securityfocus.com/bid/1570 •