55 matches found
CVE-2008-5116
Sun Java System Identity Manager is affected by CVE-2008-5116 due to a failure to sanitize the ext parameter in idm/includes/helpServer.jsp. The issue allows unauthenticated remote attackers to perform directory traversal and read arbitrary files from the IDM server filesystem on affected version...
CVE-2008-5115
CVE-2008-5115 affects Sun Java System Identity Manager (versions 6.0 up to SP4, 7.0, 7.1). The vulnerability is a CSRF flaw in the update password functionality via /idm/admin/changeself.jsp, which could allow an unauthenticated attacker to hijack an administrator’s session and change the passwor...
Sun Java System Identity Manager Version Detection (deprecated)
Binary data 4755.prm...
Sun Java System Identity Manager 6.0/7.x - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/32262/info Sun Java System Identity Manager is prone to multiple web-interface vulnerabilities, including a cross-site request-forgery issue, multiple cross-site scripting issues, multiple HTML-injection issues, and a directory-traversal vulnerability...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the 1 cntry or lang parameters to /idm/login.jsp, 2 resultsForm parameter to /idm/account/findForSelect.jsp, or...
CVE-2008-0241
Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter...
CVE-2008-0240
/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection."...
CVE-2008-0239
Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the 1 cntry or lang parameters to /idm/login.jsp, 2 resultsForm parameter to /idm/account/findForSelect.jsp, or...
CVE-2008-0239
Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the 1 cntry or lang parameters to /idm/login.jsp, 2 resultsForm parameter to /idm/account/findForSelect.jsp, or...
CVE-2008-0241
CVE-2008-0241 describes an open redirect vulnerability in Sun Java System Identity Manager’s login page. The affected products are Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1. The flaw is due to improper handling of the nextPage parameter in /idm/user/login.jsp, allowing re...
CVE-2008-0239
The CVE-2008-0239 issue covers multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager versions 6.0 SP1–SP3, 7.0, and 7.1. The root cause is failure to sanitize user-supplied input in several JSP scripts, allowing remote, unauthenticated attackers to inject arbitra...
Sun Java System Identity Manager 6.07.07.1 - idmaccountfindForSelect.jsp?resultsForm Cross-Site Scripting
Sun Java System Identity Manager 6.07.07.1 - idmaccountfindForSelect.jsp?resultsForm Cross-Site Scripting source: https://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site...
Sun Java System Identity Manager 6.07.07.1 - idmlogin.jsp Multiple Cross-Site Scripting Vulnerabilities
Sun Java System Identity Manager 6.07.07.1 - idmlogin.jsp Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site...
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/account/findForSelect.jsp?resultsForm' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site scripting issues, because it fails to adequately sanitize user-supplied input. Attackers can exploit these...
Sun Java System Identity Manager 6.07.07.1 - idmhelpindex.jsp?helpUrl Remote Frame Injection
Sun Java System Identity Manager 6.07.07.1 - idmhelpindex.jsp?helpUrl Remote Frame Injection source: https://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site scripting...