Oracle Weblogic_portal
21 CVEs affecting Oracle Weblogic_portal. Latest disclosed: 2008-02-21. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2008-0870 | | | 2008-02-21 | BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administrati… |
| CVE-2008-0868 | | | 2008-02-21 | Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inje… |
| CVE-2008-0865 | | | 2008-02-21 | Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via un… |
| CVE-2008-0864 | | | 2008-02-21 | Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, w… |
| CVE-2007-5576 | | | 2007-10-18 | BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate a… |
| CVE-2007-2703 | | | 2007-05-16 | BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated… |
| CVE-2007-2702 | | | 2007-05-16 | Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web… |
| CVE-2007-0426 | | | 2007-01-23 | BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement po… |
| CVE-2007-0423 | | | 2007-01-23 | BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertent… |
| CVE-2006-1358 | | | 2006-03-22 | Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow… |
| CVE-2006-0428 | | | 2006-01-25 | Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote attackers to access restric… |
| CVE-2006-0425 | | | 2006-01-25 | BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors. |
| CVE-2006-0423 | | | 2006-01-25 | BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to ga… |
| CVE-2005-2680 | | | 2005-08-23 | Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass access restrictions for the pages… |
| CVE-2005-1749 | | | 2005-05-24 | Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from threa… |
| CVE-2005-1748 | | | 2005-05-24 | The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which ma… |
| CVE-2005-1747 | | | 2005-05-24 | Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote… |
| CVE-2005-1746 | | | 2005-05-24 | The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is n… |
| CVE-2005-1745 | | | 2005-05-24 | The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which c… |
| CVE-2005-1743 | | | 2005-05-24 | BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security provider throws an… |