CVE-2008-0896

all versions

BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitl

CVE-2008-0870

all versions

BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// UR

CVE-2008-0868

all versions

Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remot

CVE-2008-0865

all versions

Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a

CVE-2008-0864

all versions

Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits

CVE-2007-5576

all versions

BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which

CVE-2007-2703

all versions

BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which mig

CVE-2007-2702

all versions

Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated u

CVE-2007-0426

all versions

BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not prop

CVE-2007-0423

all versions

BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role en

CVE-2006-1358

all versions

Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wro

CVE-2006-0428

all versions

Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remot

CVE-2006-0425

all versions

BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vect

CVE-2006-0423

all versions

BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file,

CVE-2005-2680

all versions

Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass acces

CVE-2005-1749

all versions

Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of servic

CVE-2005-1748

all versions

The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows rem

CVE-2005-1747

all versions

Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through

CVE-2005-1746

all versions

The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified i

CVE-2005-1745

all versions

The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect l

CVE-2005-1743

all versions

BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a

CVE-2005-1742

all versions

BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC conn