Sun Java System Directory Server信息泄漏漏洞

BUGTRAQ ID: 34548 CNCAN ID：CNCAN-2009041704 Sun Java System Directory Server是一款Java企业系统的一个组件，为企业管理大量用户信息提供用户管理基础架构。 Sun Java System Directory Server包含的在线帮助组件存在安全问题，远程攻击者可以利用漏洞判断文件或目录是否存在，导致敏感信息泄漏。 目前没有详细漏洞细节提供。 Sun Java System Directory Server Enterprise Edition 5 Sun Java System Directory Server...

Sun Java System Delegated Administrator 6.x - HTTP Response Splitting

Sun Java System Delegated Administrator 6.x - HTTP Response Splitting source: https://www.securityfocus.com/bid/34643/info Sun Java System Delegated Administrator is prone to an HTTP response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can...

Design/Logic Flaw

The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial contents of files, via unspecified vectors...

CVE-2009-1332

Summary: CVE-2009-1332 corresponds to an information-disclosure vulnerability in Sun Java System Directory Server's Online Help feature. The issue allows remote attackers to determine whether certain files or directories exist, and in some cases obtain a single line of a file, via unspecified vec...

POC - Sun Java System Acccess Manager & Identity Manager Users Enumeration

============================================================ Sun Java System Acccess Manager & Identity Manager Users Enumeration ============================================================ Affected Software: Sun Java System Access Server, OpenSSo Sun Java System Identity Manager Author: Marco...

Sun Java System Identity Manager / Access Manager accounts enumeration

Replies for invalid username and invalid password are different...

Sun Java System Calendar Server多个模块跨站脚本漏洞

BUGTRAQ ID: 34152,34153 CVECAN ID: CVE-2009-1218 Sun Java System Calendar Server是Sun Java System通信套件中的日程服务器组件。 Calendar Server中的login.wcap组件没有正确地验证用户所提交的fmt-out参数，command.shtml组件没有正确地验证date参数。远程攻击者可以通过向服务器提交恶意请求执行跨站脚本攻击，导致在用户浏览器会话中执行任意代码。 Sun Java System Calendar Server 6.3 Sun Java System Calend...

Sun Java System Calendar Server重复URI请求拒绝服务漏洞

BUGTRAQ ID: 34150 CVECAN ID: CVE-2009-1219 Sun Java System Calendar Server是Sun Java System通信套件中的日程服务器组件。 如果远程攻击者向Calendar Server连续两次发送特制的HTTP请求并在tzid参数中设置了字母字符的话，就会导致Calendar Server进程崩溃，可能留下类似于以下栈追踪的崩溃dump，具体取决于系统配置： $ pstack core ... ... ----------------- lwp 4 / thread 4 --------------------...

CVE-2009-1218

Multiple cross-site scripting XSS vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via 1 the fmt-out parameter to login.wcap or 2 the date...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via 1 the fmt-out parameter to login.wcap or 2 the date...

Sun Java System Calendar Server 6 - command.shtml Cross-Site Scripting

Sun Java System Calendar Server 6 - command.shtml Cross-Site Scripting source: https://www.securityfocus.com/bid/34153/info Sun Java System Calendar Server is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this...

Sun Java System Calendar Server 6 - 'command.shtml' Cross-Site Scripting

source: https://www.securityfocus.com/bid/34153/info Sun Java System Calendar Server is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspectin...

Sun Calendar Express Web Server - Denial of Service Cross-Site Scripting

Sun Calendar Express Web Server - Denial of Service Cross-Site Scripting Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple vulnerabilities in Sun Calendar Express Web Server 1. Advisory Information Title: Multiple vulnerabilities in Sun Calendar Express...

Sun Java System Calendar Server 6.3 - Duplicate URI Request Denial of Service

source: https://www.securityfocus.com/bid/34150/info Sun Java System Calendar Server is prone to a denial-of-service vulnerability because it fails to handle certain duplicate URI requests. An attacker can exploit this issue to crash the Calendar Server, resulting in a denial-of-service condition...

Sun Java System Calendar Server 6.3 - Duplicate URI Request Denial of Service

Sun Java System Calendar Server 6.3 - Duplicate URI Request Denial of Service source: https://www.securityfocus.com/bid/34150/info Sun Java System Calendar Server is prone to a denial-of-service vulnerability because it fails to handle certain duplicate URI requests. An attacker can exploit this...

Design/Logic Flaw

Sun Java System Identity Manager IdM 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to "ssl termination devices" and lack of support for relative URLs...

CVE-2009-1084

Sun Java System Identity Manager IdM 7.0 through 8.0 does not properly restrict access to the System Configuration object, which allows remote authenticated administrators and possibly remote attackers to have an unspecified impact by modifying this object...

CVE-2009-1077

The Change My Password implementation in the admin interface in Sun Java System Identity Manager IdM 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the...

CVE-2009-1082

Sun Java System Identity Manager IdM 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and...

Default credentials

The Change My Password implementation in the admin interface in Sun Java System Identity Manager IdM 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the...