Lucene search
+L

2905 matches found

NVD
NVD
added 2003/12/31 5:0 a.m.20 views

CVE-2003-1224

Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing "shoulder surfing" the screen...

2.1CVSS6.6AI score0.00365EPSS
Exploits0References2
NVD
NVD
added 2003/12/31 5:0 a.m.14 views

CVE-2003-1221

BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL t3s is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions...

5CVSS6.6AI score0.00872EPSS
Exploits0References2
NVD
NVD
added 2003/12/31 5:0 a.m.20 views

CVE-2003-1220

BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service proxy plugin crash via a malformed URL...

5CVSS6.7AI score0.01227EPSS
Exploits0References2
NVD
NVD
added 2003/12/31 5:0 a.m.10 views

CVE-2003-1438

Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user...

4.3CVSS6.7AI score0.00696EPSS
Exploits0References4
NVD
NVD
added 2003/10/20 4:0 a.m.13 views

CVE-2003-0733

Multiple cross-site scripting XSS vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via 1 a forward instruction to the Servlet container...

6.8CVSS6.5AI score0.01341EPSS
Exploits0References2
exploitpack
exploitpack
added 2003/09/15 12:0 a.m.22 views

Nokia Electronic Documentation 5.0 - Path Disclosure

Nokia Electronic Documentation 5.0 - Path Disclosure source: https://www.securityfocus.com/bid/8624/info Nokia Electronic Documentation NED is prone to a vulnerability that may enable remote attackers to list directory contents. This issue may be exploited by appending a dot . to a request for a...

Exploits0
NVD
NVD
added 2003/08/27 4:0 a.m.20 views

CVE-2003-0640

BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges...

10CVSS6.8AI score0.01974EPSS
Exploits0References2
CERT
CERT
added 2003/08/05 12:0 a.m.24 views

BEA WebLogic Server code execution paths may cause the current user to be incorrect

Overview A vulnerability in BEA WebLogic Server and Express may allow a local attacker to gain elevated privileges. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing distributed Java...

7.4AI score
Exploits0References4
Cvelist
Cvelist
added 2003/08/02 4:0 a.m.24 views

CVE-2003-0640

BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges...

6.8AI score0.01974EPSS
Exploits0References2
CVE
CVE
added 2003/08/02 4:0 a.m.69 views

CVE-2003-0640

BEA WebLogic Server and Express are affected when NodeManager is used to start servers. Operator users can overwrite usernames and passwords, which may enable escalation to Admin privileges. The available documents confirm this description but do not specify affected versions or concrete exploit ...

10CVSS7.2AI score0.01974EPSS
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2003/05/15 12:0 a.m.32 views

BEA WebLogic Server and Express 7.x Passwords Disclosure

------------------------------------------------------------ BEA WebLogic Server and Express 7.x Passwords Disclosure ------------------------------------------------------------ Affected Versions ----------------- BEA WebLogic Server 7.x BEA WebLogic Express 7.x ADVISORY -------- This...

0.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2003/05/14 12:0 a.m.36 views

WebLogic Multiple Method Cleartext Password Disclosure

The remote web server is running WebLogic 7.0 or 7.0.0.1. There is a bug in these versions that could allow a local attacker to recover a WebLogic password if the screen of the WebLogic server is visible. In addition, a local user may be able to view cryptographic secrets, thereby facilitating...

2.1CVSS5.5AI score0.00399EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2003/05/08 12:0 a.m.38 views

WebLogic Crafted GET Request Hostname Disclosure

The remote WebLogic server discloses its NetBIOS host name when it is issued a request generating a redirection. An attacker may use this information to better prepare other attacks against this host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

5.5AI score
Exploits0References1
CVE
CVE
added 2003/04/02 5:0 a.m.46 views

CVE-2002-1030

Technical details (affected components, root cause, impact, remediation) are not publicly available in the provided documents. Monitor for updates.

2.6CVSS7AI score0.01371EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2003/04/02 5:0 a.m.21 views

CVE-2002-1030

Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service crash via a flood of data and connections...

6.6AI score0.01371EPSS
Exploits0References5
CERT
CERT
added 2003/03/26 12:0 a.m.18 views

BEA WebLogic Server fails to discard cached authentication information when web applications are updated

Overview The BEA WebLogic server contains a vulnerability that may allow authenticated users to bypass authentication for a given web application when the application has been updated. Description The BEA WebLogic Server provides a feature that allows it to store user authentication information f...

6.8AI score
Exploits0References2
NVD
NVD
added 2003/03/24 5:0 a.m.18 views

CVE-2003-0151

BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code...

7.5CVSS7.3AI score0.03948EPSS
Exploits0References6
CVE
CVE
added 2003/03/21 5:0 a.m.52 views

CVE-2003-0151

CVE-2003-0151 affects BEA WebLogic Server and Express versions 6.0–7.0. The vulnerability is an access-control flaw in internal admin servlets that may allow remote attackers to read arbitrary files or execute arbitrary code. The connected sources confirm the affected products and the nature of t...

7.5CVSS7.3AI score0.03948EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2003/03/21 5:0 a.m.26 views

CVE-2003-0151

BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code...

7.3AI score0.03948EPSS
Exploits0References6
NVD
NVD
added 2003/03/18 5:0 a.m.18 views

CVE-2003-1095

BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate...

4.6CVSS6.7AI score0.00384EPSS
Exploits0References4
Rows per page
Query Builder