850 matches found

Prion
added 2009/01/29 7:30 p.m. | 14 views

Code injection

The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...

CVSS 5 | AI score 7 | EPSS 0.10403
Exploits 0 | References 6 | Affected Software 1
NVD
added 2009/01/29 7:30 p.m. | 13 views

CVE-2009-0348

The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...

CVSS 5 | AI score 6.3 | EPSS 0.10403
Exploits 0 | References 6
CVE
added 2009/01/29 7:0 p.m. | 58 views

CVE-2009-0348

CVE-2009-0348 affects Sun Java System Access Manager: login module responsiveness difference during failed logins allows remote username enumeration. Versions implicated: 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1. The description does not specify an exploit or affected patch level beyond th...

CVSS 5 | AI score 6.4 | EPSS 0.10403
Exploits 0 | References 6 | Affected Software 1
Exploit DB
added 2009/01/27 12:0 a.m. | 25 views

Sun Java System Access Manager 7.1 - 'Username' Enumeration

source: https://www.securityfocus.com/bid/33489/info Sun Java System Access Manager is prone to a username-enumeration weakness because of a design error in the application when verifying user-supplied input. Attackers may exploit this weakness to discern valid usernames. This may aid them in...

AI score 7.4
Exploits 0
exploitpack
added 2009/01/27 12:0 a.m. | 11 views

Sun Java System Access Manager 7.1 - Username Enumeration

Sun Java System Access Manager 7.1 - Username Enumeration source: https://www.securityfocus.com/bid/33489/info Sun Java System Access Manager is prone to a username-enumeration weakness because of a design error in the application when verifying user-supplied input. Attackers may exploit this...

AI score 0.4
Exploits 0
NVD
added 2009/01/16 9:30 p.m. | 11 views

CVE-2009-0169

Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm...

CVSS 9 | AI score 6.6 | EPSS 0.01436
Exploits 0 | References 6
NVD
added 2009/01/16 9:30 p.m. | 10 views

CVE-2009-0170

Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the console...

CVSS 6 | AI score 6.1 | EPSS 0.00802
Exploits 0 | References 6
ATTACKERKB
added 2009/01/16 9:30 p.m. | 2 views

CVE-2009-0169

Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm...

CVSS 9 | AI score 5.5 | EPSS 0.01436
Exploits 0 | References 7
Cvelist
added 2009/01/16 9:0 p.m. | 14 views

CVE-2009-0169

Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm...

AI score 6.5 | EPSS 0.01436
Exploits 0 | References 6
CVE
added 2009/01/16 9:0 p.m. | 44 views

CVE-2009-0169

CVE-2009-0169 affects Sun Java System Access Manager 7.1. The vulnerability allows a remote authenticated sub-realm administrator to escalate privileges by creating the amadmin account in the sub-realm and then logging in as amadmin in the root realm. The available data confirms an in-realm privi...

CVSS 9 | AI score 6.8 | EPSS 0.01436
Exploits 0 | References 6 | Affected Software 1
seebug.org
added 2009/01/15 12:0 a.m. | 26 views

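Sun Java System Access Manager 'sub-realm' Privilege Escalation Vulnerability

BUGTRAQ ID: 33266 CNCAN ID: CNCAN-2009011503 Sun Java System Access Manager is a secure single sign-on, authentication and authorization solution. Sun Java System Access Manager contains a security vulnerability that allows a sub-realm administrator to escalate privileges or access the root realm as an administrator. No detailed vulnerability information is currently available. Sun Java System Access Manager 7.1 Windows Sun Java System Access Manager 7.1 Solaris x86 Sun Java System Access...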

AI score 6.9
Exploits 0
seebug.org
added 2008/12/16 12:0 a.m. | 23 views

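Sun Java System Portal Server Remote File Disclosure Vulnerability

Sun Java System Portal Server is a web information-hub system used for collaborative work and for providing information services. The Web Console component of Sun Java System Portal Server has a vulnerability in how it handles user requests; remote attackers may exploit it to gain unauthorized access to system files. Sun Java System Portal Server 7.2 Sun Java System Portal Server 7.1 Sun --- Sun has released a security advisory (243886) and corresponding patches for this issue: 243886: Security Vulnerability Related to Sun Java...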

AI score 7
Exploits 0
Tenable Nessus
added 2008/12/15 12:0 a.m. | 23 views

Sun Java System Identity Manager Detection

Sun Java System Identity Manager, an enterprise tool for identity management, is installed on the remote web server. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(35104); script_version("1.15"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/10/12");...

AI score 5.5
Exploits 0 | References 1
NVD
added 2008/12/12 6:30 p.m. | 14 views

CVE-2008-5549

Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to "access to secure files by ThemeServlet."...

CVSS 5 | AI score 6 | EPSS 0.00463
Exploits 0 | References 8
Prion
added 2008/12/12 6:30 p.m. | 21 views

Code injection

Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to "access to secure files by ThemeServlet."...

CVSS 5 | AI score 6.7 | EPSS 0.00463
Exploits 0 | References 8 | Affected Software 1
CVE
added 2008/12/12 6:13 p.m. | 60 views

CVE-2008-5549

CVE-2008-5549 affects the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2. The connected Nessus/NASL data identify affected patches for Solaris 10 (SPARC/x86) — e.g., 124301-16, 124302-16, 138686-07 — as maintenance updates addressing this vulnerability. The issue ena...

CVSS 5 | AI score 6 | EPSS 0.00463
Exploits 0 | References 8 | Affected Software 1
NVD
added 2008/11/28 7:0 p.m. | 11 views

CVE-2008-5266

Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a...

CVSS 4.3 | AI score 5.6 | EPSS 0.01132
Exploits 0 | References 6
UbuntuCve
added 2008/11/28 7:0 p.m. | 15 views

CVE-2008-5266

Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a...

CVSS 4.3 | AI score 6 | EPSS 0.01132
Exploits 0 | References 1
Cvelist
added 2008/11/28 6:26 p.m. | 19 views

CVE-2008-5266

Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a...

AI score 5.6 | EPSS 0.01132
Exploits 0 | References 6
CVE
added 2008/11/28 6:26 p.m. | 64 views

CVE-2008-5266

CVE-2008-5266 is an XSS in GlassFish 2 UR2 webadmin (configuration/httpListenerEdit.jsf) of Sun Java System Application Server 9.1_01 (build b09d-fcs) and 9.1_02 (build b04-fcs). Remote attackers can inject arbitrary script via the name parameter. CVSS v2 base score 4.3 (AV:N/AC:M/Au:N/I:P/C:N/A:...

CVSS 4.3 | AI score 5.6 | EPSS 0.01132
Exploits 0 | References 6 | Affected Software 2