Filtered by vendor Bea
Subscribe
Total
159 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0901 | 2 Bea, Bea Systems | 2 Weblogic Server, Weblogic Server | 2018-10-15 | 7.1 HIGH | N/A |
| BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not. | |||||
| CVE-2007-6198 | 1 Bea | 1 Aqualogic Interaction | 2018-10-15 | 5.0 MEDIUM | N/A |
| portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the in_tx_fulltext parameter. | |||||
| CVE-2007-6197 | 1 Bea | 1 Aqualogic Interaction | 2018-10-15 | 5.0 MEDIUM | N/A |
| The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page. | |||||
| CVE-2004-0204 | 4 Bea, Borland Software, Businessobjects and 1 more | 9 Weblogic Server, J Builder, Crystal Enterprise and 6 more | 2018-10-12 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx. | |||||
| CVE-2005-4749 | 1 Bea | 1 Weblogic Server | 2018-09-27 | 5.0 MEDIUM | N/A |
| HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allows remote attackers to inject arbitrary HTTP headers via unspecified attack vectors. | |||||
| CVE-2005-4751 | 1 Bea | 1 Weblogic Server | 2018-09-27 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and WebLogic Express 9.0, 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allow remote attackers to inject arbitrary web script or HTML and gain administrative privileges via unknown attack vectors. | |||||
| CVE-2005-4752 | 1 Bea | 1 Weblogic Server | 2018-09-27 | 4.6 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security role to the Admin security role. | |||||
| CVE-2005-4753 | 1 Bea | 1 Weblogic Server | 2018-09-27 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, in certain "heavy usage" scenarios, report incorrect severity levels for an audit event, which might allow attackers to perform unauthorized actions and avoid detection. | |||||
| CVE-2005-4754 | 1 Bea | 1 Weblogic Server | 2018-09-27 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow remote attackers to obtain sensitive information (intranet IP addresses) via unknown attack vectors involving "network address translation." | |||||
| CVE-2005-4755 | 1 Bea | 1 Weblogic Server | 2018-09-27 | 2.1 LOW | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in cleartext (2) on a terminal or (3) in a log file, which might allow local users to obtain cryptographic keys. | |||||
| CVE-2005-4756 | 1 Bea | 1 Weblogic Server | 2018-09-27 | 7.5 HIGH | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gain privileges. | |||||
| CVE-2005-4757 | 1 Bea | 1 Weblogic Server | 2018-09-27 | 7.5 HIGH | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not properly "constrain" a "/" (slash) servlet root URL pattern, which might allow remote attackers to bypass intended servlet protections. | |||||
| CVE-2005-4758 | 1 Bea | 1 Weblogic Server | 2018-09-27 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allows remote authenticated Admin users to read arbitrary files via unknown attack vectors related to an "internal servlet" accessed through HTTP. | |||||
| CVE-2005-4760 | 1 Bea | 1 Weblogic Server | 2018-09-27 | 5.1 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, when fullyDelegatedAuthorization is enabled for a servlet, does not cause servlet deployment to fail when failures occur in authorization or role providers, which might prevent the servlet from being "fully protected." | |||||
| CVE-2001-0098 | 1 Bea | 1 Weblogic Server | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string. | |||||
| CVE-2000-0500 | 1 Bea | 1 Weblogic Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing. | |||||
| CVE-2008-3257 | 3 Bea, Bea Systems, Oracle | 4 Weblogic Server, Apache Connector In Weblogic Server, Weblogic Server and 1 more | 2017-09-29 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. | |||||
| CVE-2007-6384 | 1 Bea | 1 Weblogic Mobility Server | 2017-08-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Image Converter functionality in BEA WebLogic Mobility Server 3.3, 3.5, and 3.6 through 3.6 SP1 allows remote attackers to obtain application file and resource access via unspecified vectors. | |||||
| CVE-2007-4615 | 1 Bea | 1 Weblogic Server | 2017-07-29 | 6.4 MEDIUM | N/A |
| The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications. | |||||
| CVE-2007-2705 | 1 Bea | 2 Weblogic Integration, Weblogic Workshop | 2017-07-29 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when "deployed in an exploded format," allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors. | |||||