CVE-2009-1729
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Addres...
CVE-2009-1729
CVE-2009-1729 corresponds to multiple XSS flaws in Sun Java System Communications Express 6.2 (2005Q4) and 6.3. The vulnerabilities are in the Personal Address Book Add Contact path (uwc/abs/search.xml) via abperson_displayName and in UWCMain (uwc/base/UWCMain) via temporaryCalendars. Impact is c...
CORE-2009-0109 - Multiple XSS in Sun Communications Express
Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple XSS in Sun Communications Express 1. Advisory Information Title: Multiple XSS in Sun Communications Express Advisory ID: CORE-2009-0109 Advisory URL:...
Sun Java System Communications Express 6.3 - search.xml Cross-Site Scripting
source: https://www.securityfocus.com/bid/34154/info Sun Java System Communications Express is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may...
Sun Java System Communications Express 6.3 - 'search.xml' Cross-Site Scripting
source: https://www.securityfocus.com/bid/34154/info Sun Java System Communications Express is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Sun Java System Communications Express 6.3 - 'UWCMain' Cross-Site Scripting
source: https://www.securityfocus.com/bid/34155/info Sun Java System Communications Express is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. This issue is tracked by Sun Alert ID 258068. An attacker may leverage this issue to execute...
Sun Java System Communications Express 6.3 - UWCMain Cross-Site Scripting
source: https://www.securityfocus.com/bid/34155/info Sun Java System Communications Express is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. This issue is tracke...
Sun GlassFish Enterprise Server and Sun Java System Application Server vulnerable to cross-site scripting
Overview Sun GlassFish Enterprise Server and Sun Java System Application Server from Sun Microsystems contain a cross-site scripting vulnerability. Sun GlassFish Enterprise Server and Sun Java System Application Server are application servers from Sun Microsystems. Sun GlassFish Enterprise Server...
Sun Java System Identity Manager ext Parameter Arbitrary File Retrieval
The version of Sun Java System Identity Manager hosted on the remote web server fails to sanitize user-supplied input to the 'ext' parameter in the file 'includes/helpServer.jsp' before using it to display help files. An unauthenticated attacker can exploit this vulnerability to retrieve arbitrary files...
Sun Java Directory Server Information Disclosure Vulnerability - Windows
Sun Java Directory Server is prone to an information disclosure vulnerability.
Sun Java Directory Server Information Disclosure Vulnerability (Linux)
This host is running Sun Java Directory Server and is prone to an information disclosure vulnerability.
Sun Java System Identity Manager Account Disclosure
The version of Sun Java System Identity Manager running on the remote host has the following account enumeration vulnerabilities : - The error message for a failed login attempt is different, depending on whether or not a valid username was given. - Requesting...
CVE-2009-1357
CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELP_PAGE parameter...
CRLF injection
CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELP_PAGE parameter...
CVE-2009-1357
CVE-2009-1357 describes a CRLF injection/HTTP response splitting vulnerability in Sun Java System Delegated Administrator (DA) server. Affected are DA 6.2–6.4 (without patches 121581-20 / 121582-20 / 121583-20 depending on platform). The issue arises in the da/DA/Login component via the HELP_PAGE...
Solaris 9 (x86) : 120955-12
AM 7.0x86: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10
Solaris 9 (sparc) : 120954-12
AM 7.0: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10
Sun Java System Delegated Administrator 6.x - HTTP Response Splitting
source: https://www.securityfocus.com/bid/34643/info Sun Java System Delegated Administrator is prone to an HTTP response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can leverage this issue to influence or misrepresent how web content is served,...