Lucene search
K

55 matches found

CVE
CVE
added 2008/11/18 12:0 a.m.64 views

CVE-2008-5116

Sun Java System Identity Manager is affected by CVE-2008-5116 due to a failure to sanitize the ext parameter in idm/includes/helpServer.jsp. The issue allows unauthenticated remote attackers to perform directory traversal and read arbitrary files from the IDM server filesystem on affected version...

7.8CVSS6.7AI score0.04034EPSS
Exploits2References9Affected Software1
CVE
CVE
added 2008/11/18 12:0 a.m.52 views

CVE-2008-5115

CVE-2008-5115 affects Sun Java System Identity Manager (versions 6.0 up to SP4, 7.0, 7.1). The vulnerability is a CSRF flaw in the update password functionality via /idm/admin/changeself.jsp, which could allow an unauthenticated attacker to hijack an administrator’s session and change the passwor...

6.8CVSS7.3AI score0.03156EPSS
Exploits1References9Affected Software1
Tenable Nessus
Tenable Nessus
added 2008/11/14 12:0 a.m.8 views

Sun Java System Identity Manager Version Detection (deprecated)

Binary data 4755.prm...

7.3AI score
Exploits0
Exploit DB
Exploit DB
added 2008/11/11 12:0 a.m.19 views

Sun Java System Identity Manager 6.0/7.x - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/32262/info Sun Java System Identity Manager is prone to multiple web-interface vulnerabilities, including a cross-site request-forgery issue, multiple cross-site scripting issues, multiple HTML-injection issues, and a directory-traversal vulnerability...

7.4AI score
Exploits0
Prion
Prion
added 2008/01/11 10:46 p.m.13 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the 1 cntry or lang parameters to /idm/login.jsp, 2 resultsForm parameter to /idm/account/findForSelect.jsp, or...

4.3CVSS6.2AI score0.05696EPSS
Exploits1References16Affected Software1
NVD
NVD
added 2008/01/11 10:46 p.m.19 views

CVE-2008-0241

Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter...

5.8CVSS6.7AI score0.02677EPSS
Exploits1References9
NVD
NVD
added 2008/01/11 10:46 p.m.21 views

CVE-2008-0240

/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection."...

4.3CVSS6.8AI score0.05836EPSS
Exploits1References9
NVD
NVD
added 2008/01/11 10:46 p.m.25 views

CVE-2008-0239

Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the 1 cntry or lang parameters to /idm/login.jsp, 2 resultsForm parameter to /idm/account/findForSelect.jsp, or...

4.3CVSS5.9AI score0.05696EPSS
Exploits1References16
Cvelist
Cvelist
added 2008/01/11 10:0 p.m.27 views

CVE-2008-0239

Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the 1 cntry or lang parameters to /idm/login.jsp, 2 resultsForm parameter to /idm/account/findForSelect.jsp, or...

5.9AI score0.05696EPSS
Exploits1References16
CVE
CVE
added 2008/01/11 10:0 p.m.52 views

CVE-2008-0241

CVE-2008-0241 describes an open redirect vulnerability in Sun Java System Identity Manager’s login page. The affected products are Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1. The flaw is due to improper handling of the nextPage parameter in /idm/user/login.jsp, allowing re...

5.8CVSS6.7AI score0.02677EPSS
Exploits1References9Affected Software1
CVE
CVE
added 2008/01/11 10:0 p.m.52 views

CVE-2008-0239

The CVE-2008-0239 issue covers multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager versions 6.0 SP1–SP3, 7.0, and 7.1. The root cause is failure to sanitize user-supplied input in several JSP scripts, allowing remote, unauthenticated attackers to inject arbitra...

4.3CVSS5.9AI score0.05696EPSS
Exploits1References16Affected Software1
exploitpack
exploitpack
added 2008/01/09 12:0 a.m.20 views

Sun Java System Identity Manager 6.07.07.1 - idmaccountfindForSelect.jsp?resultsForm Cross-Site Scripting

Sun Java System Identity Manager 6.07.07.1 - idmaccountfindForSelect.jsp?resultsForm Cross-Site Scripting source: https://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2008/01/09 12:0 a.m.19 views

Sun Java System Identity Manager 6.07.07.1 - idmlogin.jsp Multiple Cross-Site Scripting Vulnerabilities

Sun Java System Identity Manager 6.07.07.1 - idmlogin.jsp Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2008/01/09 12:0 a.m.23 views

Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/account/findForSelect.jsp?resultsForm' Cross-Site Scripting

source: https://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site scripting issues, because it fails to adequately sanitize user-supplied input. Attackers can exploit these...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2008/01/09 12:0 a.m.18 views

Sun Java System Identity Manager 6.07.07.1 - idmhelpindex.jsp?helpUrl Remote Frame Injection

Sun Java System Identity Manager 6.07.07.1 - idmhelpindex.jsp?helpUrl Remote Frame Injection source: https://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site scripting...

Exploits0
Rows per page
Query Builder