CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2008-0869
https://notcve.org/view.php?id=CVE-2008-0869
Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en BEA WebLogic Workshop de 8.1 a SP6 y Workshop para WebLogic de 9.0 a 10.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de un "parámetro de petición de marco de trabajo definido" cuando se utiliza WebLogic Workshop o el marco de trabajo Apache Beehive NetUI con flujos de página. • http://dev2dev.bea.com/pub/advisory/263 http://secunia.com/advisories/29041 http://www.securitytracker.com/id?1019438 http://www.vupen.com/english/advisories/2008/0611 http://www.vupen.com/english/advisories/2008/0612/references • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2008-0863
https://notcve.org/view.php?id=CVE-2008-0863
BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks. BEA WebLogic Server y WebLogic Express 9.0 y 9.1 muestra el servicio web WSDL y políticas de seguridad, esto permite a atacantes remotos obtener información sensible y potencialmente lanzar ataques adicionales. • http://dev2dev.bea.com/pub/advisory/260 http://www.securitytracker.com/id?1019455 http://www.vupen.com/english/advisories/2008/0612/references • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0CVE-2007-6384
https://notcve.org/view.php?id=CVE-2007-6384
Unspecified vulnerability in the Image Converter functionality in BEA WebLogic Mobility Server 3.3, 3.5, and 3.6 through 3.6 SP1 allows remote attackers to obtain application file and resource access via unspecified vectors. Vulnerabilidad no especificada en la funcionalidad Image Converter de BEA WebLogic Mobility Server 3.3, 3.5, y 3.6 hasta la 3.6 SP1. Permite que atacantes remotos obtengan el fichero de solicitud y acceso a recursos, a través de vectores sin especificar. • http://dev2dev.bea.com/pub/advisory/255 http://osvdb.org/41880 http://secunia.com/advisories/28078 http://www.securitytracker.com/id?1019091 http://www.vupen.com/english/advisories/2007/4204 https://exchange.xforce.ibmcloud.com/vulnerabilities/39005 • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 56EXPL: 0CVE-2007-5576
https://notcve.org/view.php?id=CVE-2007-5576
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands. BEA Tuxedo 8.0 anterior al RP392 y el 8.1 anterior al RP293 y el WebLogic Enterprise 5.1 anterior al RP174, muestra la contraseña en texto claro, lo que permite a atacantes físicamente próximos obtener información sensible a través de los comandos (1) cnsbind, (2) cnsunbind o (3) cnsls. • http://dev2dev.bea.com/pub/advisory/226 http://osvdb.org/45478 http://www.vupen.com/english/advisories/2007/1813 https://exchange.xforce.ibmcloud.com/vulnerabilities/34290 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2007-4617
https://notcve.org/view.php?id=CVE-2007-4617
Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP4 allows remote attackers to cause a denial of service (server thread hang) via unspecified vectors. Vulnerabilidad sin especificar en el BEA WebLogic Server 6.1 Gold hasta el SP7, el 7.0 Gold hasta el SP7 y el 8.1 Gold hasta el SP4 permite a atacantes remotos provocar una denegación de servicio (cuelgue del hilo del servidor) a través de vectores sin especificar. • http://dev2dev.bea.com/pub/advisory/246 http://osvdb.org/38518 http://secunia.com/advisories/26539 http://www.vupen.com/english/advisories/2007/3008 https://exchange.xforce.ibmcloud.com/vulnerabilities/36319 • CWE-399: Resource Management Errors •