CVSS: 9.1EPSS: 16%CPEs: 8EXPL: 1CVE-2010-2375 – Oracle WebLogic Server 10.3.3 - Encoded URL
https://notcve.org/view.php?id=CVE-2010-2375
13 Jul 2010 — Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS. Paquete/Privilegio: Plugins para Apache, Sun y servicios web IIS, vulnerabilidad no especificada en el componente WebLogic Server de Oracle Fusion Middleware v7.0 SP7, v8.1 SP6, v9.0, v9.1, v9.2 MP3, v10.0 MP2, v10.... • https://www.exploit-db.com/exploits/34312 •
CVSS: 10.0EPSS: 78%CPEs: 72EXPL: 2CVE-2008-3257 – Bea Weblogic Apache Connector - Code Execution / Denial of Service
https://notcve.org/view.php?id=CVE-2008-3257
22 Jul 2008 — Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. Desbordamiento de búfer basado en pila en Apache Connector (mod_wl) en Oracle WebLogic Server (anteriormente BEA Weblogic Server) 10.3 y anteriores, permite a atacantes remotos ejecutar código de su elección a través de una cade... • https://www.exploit-db.com/exploits/6089 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.9EPSS: 0%CPEs: 5EXPL: 0CVE-2008-0897
https://notcve.org/view.php?id=CVE-2008-0897
22 Feb 2008 — Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions. Vulnerabilidad no especificada en BEA WebLogic Server de 9.0 a 10.0 permite a usuarios autentificados remotamente sin los permisos "receive (recibir)" evitar las restricciones de acceso previstas y recibir mensa... • http://dev2dev.bea.com/pub/advisory/267 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2008-0904
https://notcve.org/view.php?id=CVE-2008-0904
22 Feb 2008 — Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL. Vulnerabilidad sin especificar en el servlet download de BEA Plumtree Collaboration de 4.1 a SP2 y AquaLogic Interaction de 4.2 a MP1 permite a atacantes remotos leer archivos de su elección a través de un URL manipulado. • http://dev2dev.bea.com/pub/advisory/276 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 22EXPL: 0CVE-2008-0901
https://notcve.org/view.php?id=CVE-2008-0901
22 Feb 2008 — BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not. BEA WebLogic Server y Express de 7.0 a 10.0 permite a atacantes remotos llevar a cabo ataques para adivinar contraseñas mediante fuerza bruta, incluso cuando se ha activado el cierre de cuenta, a través de URLs manipulados que indican si la contraseña supuesta es... • http://dev2dev.bea.com/pub/advisory/271 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-255: Credentials Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 27EXPL: 0CVE-2008-0902
https://notcve.org/view.php?id=CVE-2008-0902
22 Feb 2008 — Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en BEA WebLogic Server y Express de 6.1 a 10.0 MP1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de muestras no especificadas. NOTA: pod... • http://dev2dev.bea.com/pub/advisory/273 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0896
https://notcve.org/view.php?id=CVE-2008-0896
22 Feb 2008 — BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions. BEA WebLogic Portal 10.0 y de 9.2 a MP1, cuando un administrador elimina una instancia única de un portlet de contenido, elimina las políticas de derechos para otros portlets de contenido, lo que permite a atacantes evitar las restricciones de acceso previstas. • http://dev2dev.bea.com/pub/advisory/266 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0903
https://notcve.org/view.php?id=CVE-2008-0903
22 Feb 2008 — Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL. Vulnerabilidad no especificada en el plugin BEA WebLogic Server y Express proxy, como se distribuyó antes de Noviembre de 2007 y antes de 9.2 MP3 y 10.0 MP2, permite a atacantes remotos provocar una denegación de servicio (caída del servidor web) a través de un URL manipul... • http://dev2dev.bea.com/pub/advisory/275 •
CVSS: 8.1EPSS: 4%CPEs: 11EXPL: 0CVE-2008-0900
https://notcve.org/view.php?id=CVE-2008-0900
22 Feb 2008 — Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors. Vulnerabilidad de fijación de sesión en BEA WebLogic Server y Express de 8.1 SP4 a SP6, de 9.2 a MP1 y 10.0 permite a usuarios autentificados remotamente secuestrar sesiones web a través de vectores desconocidos. • http://dev2dev.bea.com/pub/advisory/270 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2008-0899
https://notcve.org/view.php?id=CVE-2008-0899
22 Feb 2008 — Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la Administration Console de BEA WebLogic Server y Express de 9.0 a 10.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de URLs modifica... • http://dev2dev.bea.com/pub/advisory/269 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •