CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Unspecified vulnerability in the WebLogic Workshop component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to "some NetUI tags."...

6.8CVSS6.4AI score0.00803EPSS

Exploits1References6

Prion•added 2008/10/14 9:11 p.m.•8 views

Code injection

6.8CVSS7AI score0.00803EPSS

Exploits1References6Affected Software1

Cvelist•added 2008/10/14 9:0 p.m.•20 views

CVE-2008-4012

Unspecified vulnerability in the WebLogic Workshop component in BEA Product Suite WLW 8.1SP5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to "some NetUI pageflows."...

6.4AI score0.00858EPSS

Exploits1References6

CVE•added 2008/10/14 9:0 p.m.•42 views

CVE-2008-4010

The CVE-2008-4010 issue pertains to BEA WebLogic Workshop (WebLogic Workshop) in BEA Product Suite 10.3/10.2/10.0 MP1/9.2 MP3/8.1 SP6, where a vulnerability related to NetUI tags could allow remote access to affect confidentiality, integrity, and availability. The underlying cause is not clearly ...

6.8CVSS6.5AI score0.00803EPSS

Exploits1References6Affected Software1

Cvelist•added 2008/10/14 9:0 p.m.•14 views

CVE-2008-4010

6.4AI score0.00803EPSS

Exploits1References6

CVE•added 2008/10/14 9:0 p.m.•44 views

CVE-2008-4012

CVE-2008-4012 affects BEA WebLogic Workshop WLW 8.1SP5 (NetUI pageflows). Descriptions describe an unspecified remote vulnerability impacting confidentiality, integrity, and availability via unknown vectors. Connected documents corroborate WebLogic/WebLogic Workshop context and reference Oracle C...

5.1CVSS6.4AI score0.00858EPSS

Exploits1References6Affected Software1

Prion•added 2008/02/21 1:44 a.m.•8 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in BEA WebLogic Workshop allow remote attackers to inject arbitrary web script or HTML via an invalid action URI, which is not properly handled by NetUI page flows...

4.3CVSS6.1AI score0.00285EPSS

Exploits0References4Affected Software1

CVE•added 2008/02/21 1:0 a.m.•34 views

CVE-2008-0866

CVE-2008-0866 affects BEA WebLogic Workshop (via NetUI page flows) and is caused by cross-site scripting vulnerabilities where an invalid action URI is not properly handled, enabling injection of arbitrary script/HTML. The NVD entry documents the weakness and its CVSS v2 base score of 4.3 (Medium...

4.3CVSS5.8AI score0.00285EPSS

Exploits0References4Affected Software1

CVE•added 2008/02/21 1:0 a.m.•45 views

CVE-2008-0869

CVE-2008-0869 describes a cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 (SP6) and Workshop for WebLogic 9.0–10.0. The issue allows remote attackers to inject arbitrary web script/HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehiv...

4.3CVSS5.7AI score0.00351EPSS

Exploits0References5Affected Software3

Cvelist•added 2008/02/21 1:0 a.m.•11 views

CVE-2008-0869

Cross-site scripting XSS vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with...

5.7AI score0.00351EPSS

Exploits0References5

Cvelist•added 2008/02/21 1:0 a.m.•14 views

CVE-2008-0866

5.8AI score0.00285EPSS

Exploits0References4

Prion•added 2007/05/16 1:19 a.m.•13 views

Directory traversal

Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when "deployed in an exploded format," allows remote attackers to list a WebLogic Workshop Directory wlwdir parent directory via unspecified vectors...

7.8CVSS7.2AI score0.00597EPSS

Exploits0References5Affected Software2

CVE•added 2007/05/16 1:0 a.m.•42 views

CVE-2007-2705

The CVE-2007-2705 entry describes a directory-traversal vulnerability in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, triggered when deployed in an exploded format. The issue resides in the Test View Console and allows remote attackers to list a WebLogic Work...

7.8CVSS6.7AI score0.00597EPSS

Exploits0References5Affected Software2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by