55 matches found
EUVD-2009-1078
Malware in sbrugna...
EUVD-2010-3542
Malware in sbrugna...
EUVD-2008-5093
Malware in sbrugna...
EUVD-2008-0251
Malware in sbrugna...
EUVD-2008-0252
Malware in sbrugna...
EUVD-2009-1085
Malware in sbrugna...
EUVD-2008-5096
Malware in sbrugna...
CVE-2009-1079
Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager IdM 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19659, 19660, and 19683...
CVE-2009-1081
Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager IdM 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19595 and 19661...
Sun Java System Identity Manager 6.0/7.0/7.1 /idm/help/index.jsp helpUrl Variable Remote Frame Injection
No description provided by source. source: http://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site scripting issues, because it fails to adequately sanitize user-supplied...
Sun Java System Identity Manager 6.0/7.0/7.1 /idm/account/findForSelect.jsp resultsForm Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site scripting issues, because it fails to adequately sanitize user-supplied...
Sun Java System Identity Manager 6.0/7.x Multiple Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/32262/info Sun Java System Identity Manager is prone to multiple web-interface vulnerabilities, including a cross-site request-forgery issue, multiple cross-site scripting issues, multiple HTML-injection issues, and a...
Sun Java System Identity Manager ext Parameter Arbitrary File Retrieval
The version of Sun Java System Identity Manager hosted on the remote web server fails to sanitize user-supplied input to 'ext' parameter in file 'includes/helpServer.jsp' before using it to display help files. An unauthenticated attacker can exploit this vulnerability to retrieve arbitrary files...
Design/Logic Flaw
Sun Java System Identity Manager IdM 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to "ssl termination devices" and lack of support for relative URLs...
Default credentials
The Change My Password implementation in the admin interface in Sun Java System Identity Manager IdM 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager IdM 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19659, 19660, and 19683...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager IdM 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID 19033...
Code injection
Sun Java System Identity Manager IdM 7.0 through 8.0 does not enforce the expected privilege requirements for 1 deleting audit policies and 2 modifying workflows, which allows remote authenticated users to have an unspecified impact...
Design/Logic Flaw
Sun Java System Identity Manager IdM 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and...
CVE-2009-1080
Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager IdM 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID 19033...