CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2008-2576
https://notcve.org/view.php?id=CVE-2008-2576
15 Jul 2008 — Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 9.2, 9.1, 9.0, and 8.1 SP6 has unknown impact and local attack vectors. Una vulnerabilidad no especificada en el componente WebLogic Server en BEA Product Suite de Oracle versiones 9.2, 9.1, 9.0 y 8.1 SP6, presenta un impacto desconocido y vectores de ataque locales. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143 •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2008-2582
https://notcve.org/view.php?id=CVE-2008-2582
15 Jul 2008 — Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors. Una vulnerabilidad no especificada en el componente WebLogic Server en BEA Product Suite de Oracle versiones 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6 y 7.0 SP7, presenta un impacto desconocido y vectores de ataque remotos. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143 •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2008-2581
https://notcve.org/view.php?id=CVE-2008-2581
15 Jul 2008 — Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors related to UDDI Explorer. Una vulnerabilidad no especificada en el componente WebLogic Server en BEA Product Suite de Oracle versiones 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6 y 7.0 SP7, presenta un impacto desconocido y vectores de ataque remotos relacionados con UDDI Explorer. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-2578
https://notcve.org/view.php?id=CVE-2008-2578
15 Jul 2008 — Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 and 9.2 MP1 has unknown impact and local attack vectors. Una vulnerabilidad no especificada en el componente WebLogic Server en BEA Product Suite de Oracle versiones 10.0 y 9.2 MP1, presenta un impacto desconocido y vectores de ataque locales. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143 •
CVSS: 9.8EPSS: 0%CPEs: 99EXPL: 0CVE-2008-2579
https://notcve.org/view.php?id=CVE-2008-2579
15 Jul 2008 — Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors. Una vulnerabilidad no especificada en el componente WebLogic Server Plugins para Apache, servidores web Sun e IIS en BEA Product Suite de Oracle versiones 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7 y 6.1 SP7, presenta un impacto desconocido y vectores de ataque remotos. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143 •
CVSS: 7.9EPSS: 0%CPEs: 5EXPL: 0CVE-2008-0897
https://notcve.org/view.php?id=CVE-2008-0897
22 Feb 2008 — Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions. Vulnerabilidad no especificada en BEA WebLogic Server de 9.0 a 10.0 permite a usuarios autentificados remotamente sin los permisos "receive (recibir)" evitar las restricciones de acceso previstas y recibir mensa... • http://dev2dev.bea.com/pub/advisory/267 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 22EXPL: 0CVE-2008-0901
https://notcve.org/view.php?id=CVE-2008-0901
22 Feb 2008 — BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not. BEA WebLogic Server y Express de 7.0 a 10.0 permite a atacantes remotos llevar a cabo ataques para adivinar contraseñas mediante fuerza bruta, incluso cuando se ha activado el cierre de cuenta, a través de URLs manipulados que indican si la contraseña supuesta es... • http://dev2dev.bea.com/pub/advisory/271 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-255: Credentials Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 27EXPL: 0CVE-2008-0902
https://notcve.org/view.php?id=CVE-2008-0902
22 Feb 2008 — Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en BEA WebLogic Server y Express de 6.1 a 10.0 MP1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de muestras no especificadas. NOTA: pod... • http://dev2dev.bea.com/pub/advisory/273 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0903
https://notcve.org/view.php?id=CVE-2008-0903
22 Feb 2008 — Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL. Vulnerabilidad no especificada en el plugin BEA WebLogic Server y Express proxy, como se distribuyó antes de Noviembre de 2007 y antes de 9.2 MP3 y 10.0 MP2, permite a atacantes remotos provocar una denegación de servicio (caída del servidor web) a través de un URL manipul... • http://dev2dev.bea.com/pub/advisory/275 •
CVSS: 8.1EPSS: 4%CPEs: 11EXPL: 0CVE-2008-0900
https://notcve.org/view.php?id=CVE-2008-0900
22 Feb 2008 — Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors. Vulnerabilidad de fijación de sesión en BEA WebLogic Server y Express de 8.1 SP4 a SP6, de 9.2 a MP1 y 10.0 permite a usuarios autentificados remotamente secuestrar sesiones web a través de vectores desconocidos. • http://dev2dev.bea.com/pub/advisory/270 • CWE-264: Permissions, Privileges, and Access Controls •