Max CVSS 7.5 Min CVSS 2.1 Total Count14
IDCVSSSummaryLast (major) updatePublished
CVE-2005-1747 6.8
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privile
17-10-2016 - 23:22 24-05-2005 - 00:00
CVE-2005-1685 7.5
episodex guestbook allows remote attackers to bypass authentication and edit scripts via a direct request to admin.asp.
17-10-2016 - 23:21 20-05-2005 - 00:00
CVE-2005-1684 4.3
Cross-site scripting (XSS) vulnerability in default.asp for episodex guestbook allows remote attackers to inject arbitrary web script or HTML via the Name field and other fields.
17-10-2016 - 23:21 20-05-2005 - 00:00
CVE-2005-1380 6.8
Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action.
17-10-2016 - 23:19 03-05-2005 - 00:00
CVE-2005-1749 5.0
Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping).
07-03-2011 - 21:22 24-05-2005 - 00:00
CVE-2005-1748 5.0
The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which may allow remote attackers to view user entries or cause a denial of service.
07-03-2011 - 21:22 24-05-2005 - 00:00
CVE-2005-1746 5.0
The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote attackers to cause a denial of service (cluster slow
07-03-2011 - 21:22 24-05-2005 - 00:00
CVE-2005-1745 4.6
The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password.
07-03-2011 - 21:22 24-05-2005 - 00:00
CVE-2005-1744 7.5
BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of
07-03-2011 - 21:22 24-05-2005 - 00:00
CVE-2005-1743 7.5
BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security provider throws an exception, which may cause WebLogic to use incorrect identity for the thread, or to fail to
07-03-2011 - 21:22 24-05-2005 - 00:00
CVE-2005-1742 5.0
BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools."
07-03-2011 - 21:22 24-05-2005 - 00:00
CVE-2005-1654 7.5
Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users via a direct request to addsubsite.asp with the loginname and password parameters set.
05-09-2008 - 16:49 18-05-2005 - 00:00
CVE-2005-1152 2.1
popauth.c in qpopper 4.0.5 and earlier does not properly set the umask, which may cause qpopper to create files with group or world-writable permissions.
05-09-2008 - 16:48 25-05-2005 - 00:00
CVE-2005-1151 7.2
qpopper 4.0.5 and earlier does not properly drop privileges before processing certain user-supplied files, which allows local users to overwrite or create arbitrary files as root.
05-09-2008 - 16:48 25-05-2005 - 00:00
Back to Top Mark selected
Back to Top