EUVD-2005-2024

Malware in sbrugna...

CVE-2004-2765

Cross-site scripting XSS vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than...

iPlanet Messaging Server Messenger Express Expression() HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20838/info iPlanet Messaging Server Messenger Express is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute arbitrary...

CVE-2004-2766

CVE-2004-2766 affects Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 prior to 5.2hf2.02. A crafted e-mail message can enable remote attackers to obtain unspecified access to e-mail, described as related to a session hijacking issue. The description does not specify the affected pro...

CVE-2004-2766

Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified "access" to e-mail via a crafted e-mail message, related to a "session hijacking" issue, a different vulnerability than CVE-2005-2022 and CVE-2006-5486...

CVE-2004-2765

CVE-2004-2765 is an XSS vulnerability in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 prior to 5.2hf2.02. The issue occurs in Webmail when using Internet Explorer, where a crafted e-mail message can cause arbitrary web script/HTML to be injected. Connected sources (Red Hat and NV...

CVE-2006-5652

Cross-site scripting XSS vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets CSS function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related ...

Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server Messenger Express by "Sun"

·= Security Advisory =· Issue: Cross Site Scripting XSS Vulnerability in iPlanet Messaging Server Messenger Express by "Sun" Discovered Date: 25/09/2006 Author: Tal Argoni, LegendaryZion. talargoni at gmail.com Product Vendor: http://www.sun.com/ Details: iPlanet Messaging Server Messenger Expres...

iPlanet Messaging Server - Messenger Express Expression() HTML Injection

iPlanet Messaging Server - Messenger Express Expression HTML Injection source: https://www.securityfocus.com/bid/20838/info iPlanet Messaging Server Messenger Express is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit...

iPlanet Messaging Server - Messenger Express Expression() HTML Injection

source: https://www.securityfocus.com/bid/20838/info iPlanet Messaging Server Messenger Express is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute arbitrary JavaScript in the victim's browser...

CVE-2006-5486

Cross-site scripting XSS vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via crafted messages...

CVE-2006-5486

CVE-2006-5486: Cross-site scripting in Webmail of Sun Java System Messaging Server 6.0–6.2 and iPlanet Messaging Server 5.2. Remote attackers can trigger arbitrary Javascript via crafted e-mails. Affected: Webmail component of Sun/ iPlanet Messaging Server. Root cause described as XSS via crafted...

CVE-2006-5486

Cross-site scripting XSS vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via crafted messages...

CVE-2006-3159

CVE-2006-3159 affects Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16. The flaw allows a local user to read portions of restricted files via a symlink attack on msg.conf in a directory defined by the CONFIGROOT environment variable, with the error message returning the first line of the target f...

Sun iPlanet Messaging Server 5.2 HotFix 1.16 - Root Password Disclosure

Sun iPlanet Messaging Server 5.2 HotFix 1.16 - Root Password Disclosure Date: 14 Jun 2006 Vendor: Sun Microsystems, Inc. Name: iPlanet Messaging Server Version: 5.2 HotFix 1.16 built May 14 2003 Vuln: msg.conf symlink attack Severity: high Software description ---------------- The iPlanet Messagi...

Sun iPlanet Messaging Server 5.2 HotFix 1.16 - Root Password Disclosure

Date: 14 Jun 2006 Vendor: Sun Microsystems, Inc. Name: iPlanet Messaging Server Version: 5.2 HotFix 1.16 built May 14 2003 Vuln: msg.conf symlink attack Severity: high Software description ---------------- The iPlanet Messaging Server is a software product that provides a centralized location for...

Sun iPlanet Messaging Server 5.2 HotFix 1.16 Root Password Disclosure

Exploit for multiple platform in category local exploits ===================================================================== Sun iPlanet Messaging Server 5.2 HotFix 1.16 Root Password Disclosure ===================================================================== Date: 14 Jun 2006 Vendor: Sun...

[Full-disclosure] Sun iPlanet Messaging Server 5.2 root password compromise

Summary ---------------- Date: 14 Jun 2006 Vendor: Sun Microsystems, Inc. Name: iPlanet Messaging Server Version: 5.2 HotFix 1.16 built May 14 2003 Vuln: msg.conf symlink attack Severity: high Software description ---------------- The iPlanet Messaging Server is a software product that provides a...

CVE-2005-2022

Technical details about CVE-2005-2022 are not publicly available in the provided documents; no confirmed affected versions, root cause, impact, or remediation are disclosed beyond the brief description. Monitor for updates.

CVE-2005-2022

Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting XSS vulnerability...