CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0903
https://notcve.org/view.php?id=CVE-2008-0903
Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL. Vulnerabilidad no especificada en el plugin BEA WebLogic Server y Express proxy, como se distribuyó antes de Noviembre de 2007 y antes de 9.2 MP3 y 10.0 MP2, permite a atacantes remotos provocar una denegación de servicio (caída del servidor web) a través de un URL manipulado. • http://dev2dev.bea.com/pub/advisory/275 http://secunia.com/advisories/29041 http://www.securitytracker.com/id?1019450 http://www.vupen.com/english/advisories/2008/0608/references •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2008-0904
https://notcve.org/view.php?id=CVE-2008-0904
Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL. Vulnerabilidad sin especificar en el servlet download de BEA Plumtree Collaboration de 4.1 a SP2 y AquaLogic Interaction de 4.2 a MP1 permite a atacantes remotos leer archivos de su elección a través de un URL manipulado. • http://dev2dev.bea.com/pub/advisory/276 http://osvdb.org/41881 http://secunia.com/advisories/28991 http://www.securitytracker.com/id?1019437 http://www.vupen.com/english/advisories/2008/0607/references • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2008-0863
https://notcve.org/view.php?id=CVE-2008-0863
BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks. BEA WebLogic Server y WebLogic Express 9.0 y 9.1 muestra el servicio web WSDL y políticas de seguridad, esto permite a atacantes remotos obtener información sensible y potencialmente lanzar ataques adicionales. • http://dev2dev.bea.com/pub/advisory/260 http://www.securitytracker.com/id?1019455 http://www.vupen.com/english/advisories/2008/0612/references • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 0CVE-2008-0864
https://notcve.org/view.php?id=CVE-2008-0864
Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions. Admin Tools en BEA WebLogic Portal 8.1 SP3 al SP6, involuntariamente puede eliminar los derechos para páginas cuando un administrador edita la etiqueta de definición de página, que podría permitir a atacantes remotos evitar las restricciones de acceso planeadas. • http://dev2dev.bea.com/pub/advisory/256 http://secunia.com/advisories/29041 http://www.securitytracker.com/id?1019454 http://www.vupen.com/english/advisories/2008/0613 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 1%CPEs: 7EXPL: 0CVE-2008-0865
https://notcve.org/view.php?id=CVE-2008-0865
Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors. Vulnerabilidad no especificada en BEA WebLogic Portal 8.1 hasta SP6 permite a atacantes remotos evitar los derechos para las instancias de un portlet WLP flotable mediante vectores desconocidos. • http://dev2dev.bea.com/pub/advisory/257 http://secunia.com/advisories/29041 http://www.securitytracker.com/id?1019451 http://www.vupen.com/english/advisories/2008/0613 • CWE-264: Permissions, Privileges, and Access Controls •