| Max CVSS | 7.1 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2007-2699 | 7.1 |
The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.
|
28-05-2019 - 17:29 | 16-05-2007 - 01:19 | |
| CVE-2007-2703 | 3.6 |
BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources.
|
30-10-2018 - 16:25 | 16-05-2007 - 01:19 | |
| CVE-2007-2702 | 3.5 |
Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor.
|
30-10-2018 - 16:25 | 16-05-2007 - 01:19 | |
| CVE-2006-4339 | 4.3 |
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key
|
17-10-2018 - 21:35 | 05-09-2006 - 17:04 | |
| CVE-2007-2696 | 6.8 |
The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote attackers to access protected queues via direct requests to the JMS back-end server.
|
29-07-2017 - 01:31 | 16-05-2007 - 01:19 | |
| CVE-2007-2697 | 5.1 |
The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote attackers to more easily
|
29-07-2017 - 01:31 | 16-05-2007 - 01:19 | |
| CVE-2007-2701 | 4.6 |
The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and password, or when the connection URL is not defined, allows remote attackers to bypass the security access policy and
|
29-07-2017 - 01:31 | 16-05-2007 - 01:19 | |
| CVE-2007-2704 | 5.4 |
BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a denial of service (SSL port unavailability) by accessing a half-closed SSL socket.
|
29-07-2017 - 01:31 | 16-05-2007 - 01:19 | |
| CVE-2007-2700 | 4.0 |
The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain s
|
29-07-2017 - 01:31 | 16-05-2007 - 01:19 | |
| CVE-2007-2695 | 5.1 |
The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," whic
|
29-07-2017 - 01:31 | 16-05-2007 - 01:19 | |
| CVE-2007-2694 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vector
|
08-03-2011 - 02:54 | 16-05-2007 - 01:19 |