2905 matches found
CVE-2003-1224
Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing "shoulder surfing" the screen...
CVE-2003-1221
BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL t3s is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions...
CVE-2003-1220
BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service proxy plugin crash via a malformed URL...
CVE-2003-1438
Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user...
CVE-2003-0733
Multiple cross-site scripting XSS vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via 1 a forward instruction to the Servlet container...
Nokia Electronic Documentation 5.0 - Path Disclosure
Nokia Electronic Documentation 5.0 - Path Disclosure source: https://www.securityfocus.com/bid/8624/info Nokia Electronic Documentation NED is prone to a vulnerability that may enable remote attackers to list directory contents. This issue may be exploited by appending a dot . to a request for a...
CVE-2003-0640
BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges...
BEA WebLogic Server code execution paths may cause the current user to be incorrect
Overview A vulnerability in BEA WebLogic Server and Express may allow a local attacker to gain elevated privileges. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing distributed Java...
CVE-2003-0640
BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges...
CVE-2003-0640
BEA WebLogic Server and Express are affected when NodeManager is used to start servers. Operator users can overwrite usernames and passwords, which may enable escalation to Admin privileges. The available documents confirm this description but do not specify affected versions or concrete exploit ...
BEA WebLogic Server and Express 7.x Passwords Disclosure
------------------------------------------------------------ BEA WebLogic Server and Express 7.x Passwords Disclosure ------------------------------------------------------------ Affected Versions ----------------- BEA WebLogic Server 7.x BEA WebLogic Express 7.x ADVISORY -------- This...
WebLogic Multiple Method Cleartext Password Disclosure
The remote web server is running WebLogic 7.0 or 7.0.0.1. There is a bug in these versions that could allow a local attacker to recover a WebLogic password if the screen of the WebLogic server is visible. In addition, a local user may be able to view cryptographic secrets, thereby facilitating...
WebLogic Crafted GET Request Hostname Disclosure
The remote WebLogic server discloses its NetBIOS host name when it is issued a request generating a redirection. An attacker may use this information to better prepare other attacks against this host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
CVE-2002-1030
Technical details (affected components, root cause, impact, remediation) are not publicly available in the provided documents. Monitor for updates.
CVE-2002-1030
Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service crash via a flood of data and connections...
BEA WebLogic Server fails to discard cached authentication information when web applications are updated
Overview The BEA WebLogic server contains a vulnerability that may allow authenticated users to bypass authentication for a given web application when the application has been updated. Description The BEA WebLogic Server provides a feature that allows it to store user authentication information f...
CVE-2003-0151
BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code...
CVE-2003-0151
CVE-2003-0151 affects BEA WebLogic Server and Express versions 6.0–7.0. The vulnerability is an access-control flaw in internal admin servlets that may allow remote attackers to read arbitrary files or execute arbitrary code. The connected sources confirm the affected products and the nature of t...
CVE-2003-0151
BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code...
CVE-2003-1095
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate...