Oracle WebLogic Server - Remote Code Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS - Web Services is susceptible to a remote code execution vulnerability that is easily exploitable and could allow unauthenticated attackers with network access via HTTP to compromise the server. Supported versions...

EUVD-2015-0495

Malware in sbrugna...

EUVD-2014-4196

Malware in sbrugna...

Malicious code in grape-wls-project (npm)

The package grape-wls-project was found to contain malicious code...

MAL-2025-21866 Malicious code in grape-wls-project (npm)

The package grape-wls-project was found to contain malicious code...

VulnCheck KEV: CVE-2019-2618

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS Core Components. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to...

Oracle Fusion Middleware Unspecified Vulnerability

Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP to compromise the WebLogic Server...

Malicious code in i-wls (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b4403e46e10206e7c0b1c77bf4a27f6c3be2d94aedb52ba77ab8801902df948a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-3744 Malicious code in i-wls (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b4403e46e10206e7c0b1c77bf4a27f6c3be2d94aedb52ba77ab8801902df948a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server

This is a PoC exploit for CVE-2017-10271, a vulnerability in Oracle WebLogic's wls-wsat component that allows for deserialization of untrusted data, leading to remote code execution. The exploit is written in Python and uses the requests library to send a malicious XML payload to the vulnerable...

Design/Logic Flaw

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: WLS Web Services. The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server...

CVE-2020-2828

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: WLS Web Services. The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server...

CVE-2020-2798

CVE-2020-2798 affects Oracle WebLogic Server (WLS Web Services). The vulnerability allows a high-privilege attacker with network access via IIOP/T3 to compromise the server, potentially taking over Oracle WebLogic Server. Affected versions are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Th...

The vulnerability of the WLS Core Components of the Oracle WebLogic Server application server allows a hacker to gain full control over the application.

The vulnerability of the WLS Core Components component of Oracle WebLogic Server applications is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain full control over the application using the HTTP protocol...

The vulnerability of the WLS Core Components of Oracle WebLogic Server application servers allows attackers to gain unauthorized access to protected information.

The vulnerability of the WLS Core Components component of Oracle WebLogic Server applications is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

CVE-2020-7227

Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.as...

Information disclosure

Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.as...

Oracle WebLogic Server Multiple Vulnerabilities (Jan 2020 CPU)

The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities: - An unspecified vulnerability in the Third Party Tools Bouncy Castle Java Library component of Oracle WebLogic Server. An unauthenticated attacker with network access via HTTPS could explo...

CVE-2020-2550

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: WLS Core Components. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the...

Design/Logic Flaw

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: WLS Core Components. The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server...