Search
Search Results (151 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-1224 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen. | ||||
| CVE-2004-1758 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges. | ||||
| CVE-2004-0652 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods. | ||||
| CVE-2004-0712 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log file that contains the administrative username and password in cleartext, which could allow local users to gain privileges. | ||||
| CVE-2004-0715 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges. | ||||
| CVE-2002-2177 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other users. | ||||
| CVE-2003-0621 | 1 Bea | 2 Tuxedo, Weblogic Server | 2025-04-03 | N/A |
| The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument. | ||||
| CVE-2003-0622 | 1 Bea | 2 Tuxedo, Weblogic Server | 2025-04-03 | N/A |
| The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX. | ||||
| CVE-2003-0623 | 1 Bea | 2 Tuxedo, Weblogic Server | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument. | ||||
| CVE-2003-0624 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter. | ||||
| CVE-2003-0640 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges. | ||||