CVE-2006-0428
https://notcve.org/view.php?id=CVE-2006-0428
Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote attackers to access restricted web resources via crafted URLs. • http://dev2dev.bea.com/pub/advisory/172 http://secunia.com/advisories/18593 http://securitytracker.com/id?1015528 http://www.osvdb.org/22767 http://www.securityfocus.com/bid/16358 http://www.vupen.com/english/advisories/2006/0312 https://exchange.xforce.ibmcloud.com/vulnerabilities/24293 •
CVE-2006-0425
https://notcve.org/view.php?id=CVE-2006-0425
BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors. • http://dev2dev.bea.com/pub/advisory/169 http://secunia.com/advisories/18593 http://securitytracker.com/id?1015528 http://www.securityfocus.com/bid/16358 http://www.vupen.com/english/advisories/2006/0312 https://exchange.xforce.ibmcloud.com/vulnerabilities/24297 •
CVE-2006-0423
https://notcve.org/view.php?id=CVE-2006-0423
BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges. • http://dev2dev.bea.com/pub/advisory/167 http://dev2dev.bea.com/pub/advisory/262 http://secunia.com/advisories/18593 http://securitytracker.com/id?1015528 http://www.securityfocus.com/bid/16358 http://www.vupen.com/english/advisories/2006/0312 http://www.vupen.com/english/advisories/2008/0613 https://exchange.xforce.ibmcloud.com/vulnerabilities/24284 https://exchange.xforce.ibmcloud.com/vulnerabilities/40705 •
CVE-2005-2680
https://notcve.org/view.php?id=CVE-2005-2680
Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass access restrictions for the pages of a Book via crafted URLs. • http://dev2dev.bea.com/pub/advisory/137 •
CVE-2005-1746
https://notcve.org/view.php?id=CVE-2005-1746
The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote attackers to cause a denial of service (cluster slowdown) via modified cookies. • http://dev2dev.bea.com/pub/advisory/129 http://secunia.com/advisories/15486 http://securitytracker.com/id?1014049 http://www.securityfocus.com/bid/13717 http://www.vupen.com/english/advisories/2005/0606 •