CVE-2003-0622
https://notcve.org/view.php?id=CVE-2003-0622
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX. La consola de adminstración de BEA Tuxedo 8.1 y anteriores permite a atacantes remotos causar una denegación de servicio (cuelgue) mediante argumentos de nombre de ruta que contienen nombres de dispositivos de MS-DOS como CON o AUX. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp http://marc.info/?l=bugtraq&m=106762000607681&w=2 http://www.securityfocus.com/bid/8931 https://exchange.xforce.ibmcloud.com/vulnerabilities/13560 •
CVE-2003-0621 – BEA Tuxedo 6/7/8 and WebLogic Enterprise 4/5 - Input Validation
https://notcve.org/view.php?id=CVE-2003-0621
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument. La consola de adminstración de BEA Tuxedo 8.1 y anteriores permite a atacantes remotos determinar la existencia de ficheros fuera de la raíz web mediante rutas modificadas en el argumento INFILE. • https://www.exploit-db.com/exploits/23312 http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp http://marc.info/?l=bugtraq&m=106762000607681&w=2 http://www.securityfocus.com/bid/8931 https://exchange.xforce.ibmcloud.com/vulnerabilities/13559 •
CVE-2003-0624 – BEA WebLogic 6/7/8 - InteractiveQuery.jsp Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-0624
Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter. Vulnerabilidad de scripts en sitios cruzados en Interactive.jsp de BEA WebLogic 8.1 y anteriores permite a atacantes remotos inyectar script web malicioso mediante el parámetro person. • https://www.exploit-db.com/exploits/23315 http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp http://marc.info/?l=bugtraq&m=106761926906781&w=2 http://www.securityfocus.com/bid/8938 https://exchange.xforce.ibmcloud.com/vulnerabilities/13568 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2001-0098 – BEA Systems WebLogic Server 4.0 x/4.5 x/5.1 x - Double Dot Buffer Overflow
https://notcve.org/view.php?id=CVE-2001-0098
Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string. • https://www.exploit-db.com/exploits/20516 http://archives.neohapsis.com/archives/bugtraq/2000-12/0331.html http://www.securityfocus.com/bid/2138 https://exchange.xforce.ibmcloud.com/vulnerabilities/5782 •
CVE-2000-0685 – Weblogic 3.1.8/4.0.4/4.5.1 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2000-0685
BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file. • https://www.exploit-db.com/exploits/20125 http://archives.neohapsis.com/archives/bugtraq/2000-07/0434.html http://developer.bea.com/alerts/security_000731.html http://www.securityfocus.com/bid/1525 •