
850 matches found

CERT
added 2006/08/10 12:0 a.m. | 34 views

Sun ONE and Sun Java System Applications vulnerable to cross-site scripting via default error page

Overview: A cross-site scripting vulnerability in Sun ONE and Sun Java System Applications may allow an attacker to read or modify data in web pages and cookies. Description: From Sun Alert Notification 102164: A Cross Site Scripting (XSS) vulnerability in various releases of the Sun Java System Web...

CVSS 6.8 | AI score 5.2 | EPSS 0.06441
Exploits: 0 | References: 6
CVE
added 2006/07/28 11:0 p.m. | 51 views

CVE-2006-3921

Summary (CVE-2006-3921): Affects Sun Java System Application Server (SJSAS) 7–8.1 and Web Server (SJSWS) 6.0–6.1. The issue permits remote authenticated users to read files outside the “document root” via a direct request using a UTF-8 encoded URI. The NVD entry lists a Medium base score (AV:N/AC...

CVSS 4 | AI score 6.1 | EPSS 0.00976
Exploits: 0 | References: 9 | Affected Software: 2
NVD
added 2006/06/26 4:5 p.m. | 11 views

CVE-2006-3225

Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors...

CVSS 2.6 | AI score 5.8 | EPSS 0.00674
Exploits: 0 | References: 6
CVE
added 2006/06/26 4:0 p.m. | 42 views

CVE-2006-3225

CVE-2006-3225 describes a cross-site scripting (XSS) vulnerability affecting Sun ONE Application Server 7 before Update 9, Java System Application Server 7 (2004Q2) before Update 5, and Java System Application Server Enterprise Edition 8.1 (2005 Q1). The issue allows remote attackers to inject ar...

CVSS 2.6 | AI score 6.1 | EPSS 0.00674
Exploits: 0 | References: 6 | Affected Software: 2
Cvelist
added 2006/05/25 10:0 a.m. | 19 views

CVE-2005-4806

Multiple unspecified vulnerabilities in Sun Java System Web Proxy Server 3.6 SP7 and earlier allow remote attackers to cause a denial of service (unresponsive service) via unknown vectors...

AI score 6.9 | EPSS 0.00818
Exploits: 0 | References: 4
Cvelist
added 2006/05/25 10:0 a.m. | 18 views

CVE-2005-4804

Unspecified vulnerability in Sun Java System Application Server Platform Edition and Enterprise Edition 8.1 2005 Q1, and Platform Edition UR1, allows remote attackers to read .jar files via unknown vectors related to deployed web applications...

AI score 6.5 | EPSS 0.00708
Exploits: 0 | References: 6
CVE
added 2006/05/25 10:0 a.m. | 47 views

CVE-2005-4805

Technical details about CVE-2005-4805 are not publicly available in the provided documents; no specifics on affected product versions, vectors, or fixes are provided. Monitor for updates.

CVSS 5 | AI score 7.2 | EPSS 0.0052
Exploits: 0 | References: 5 | Affected Software: 1
CVE
added 2006/05/25 10:0 a.m. | 52 views

CVE-2005-4806

CVE-2005-4806 affects Sun Java System Web Proxy Server 3.6 SP7 and earlier. The vulnerability is described as multiple unspecified remote vulnerabilities that allow an attacker to cause a denial of service (unresponsive service) via unknown vectors. The provided sources identify the affected prod...

CVSS 5 | AI score 6.9 | EPSS 0.00818
Exploits: 0 | References: 4 | Affected Software: 1
securityvulns
added 2006/05/25 12:0 a.m. | 34 views

Write-up by Amit Klein: "IE + some popular forward proxy servers = XSS, defacement (browser cache poisoning)"

IE + some popular forward proxy servers = XSS, defacement (browser cache poisoning) Or "Exploiting the XmlHttpRequest object in IE" part II Amit Klein, May 2006 Preface ======= When I published my "Exploiting the XmlHttpRequest object in IE - Referrer spoofing and a lot more..." [1] paper, I only...

AI score 0.1
Exploits: 0
CVE
added 2006/05/22 9:0 p.m. | 49 views

CVE-2006-2513

Sun Java System Directory Server 5.2 contains a flaw in the installation process that writes incorrect user data to a file created during installation, enabling privilege elevation for remote attackers or local users. The connected Nessus entry (Sun Server Console Authentication Bypass) notes a d...

CVSS 7.5 | AI score 6.7 | EPSS 0.01272
Exploits: 0 | References: 6 | Affected Software: 1
NVD
added 2006/05/20 3:2 a.m. | 16 views

CVE-2006-2501

Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and...

CVSS 6.8 | AI score 5.9 | EPSS 0.06441
Exploits: 0 | References: 9
Prion
added 2006/05/20 3:2 a.m. | 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and...

CVSS 6.8 | AI score 6.3 | EPSS 0.06441
Exploits: 0 | References: 9 | Affected Software: 4
CVE
added 2006/05/20 2:59 a.m. | 63 views

CVE-2006-2501

CVE-2006-2501 describes a cross-site scripting (XSS) vulnerability in multiple Sun web/server products (Sun ONE Web Server 6.0 SP9 and earlier; Sun Java System Web Server 6.1 SP4 and earlier; Sun ONE Application Server 7 Update 6 and earlier; Java System Application Server 7 2004Q2 Update 2 and e...

CVSS 6.8 | AI score 5.9 | EPSS 0.06441
Exploits: 0 | References: 9 | Affected Software: 4
securityvulns
added 2006/05/20 12:0 a.m. | 26 views

[SA20147] Sun ONE/Java System Web Server Cross-Site Scripting Vulnerability

TITLE: Sun ONE/Java System Web Server Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA20147 VERIFY ADVISORY: http://secunia.com/advisories/20147/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Sun Java System Application Server Sun ONE 7.x...

AI score 0.4
Exploits: 0
securityvulns
added 2006/05/17 12:0 a.m. | 28 views

[SA20144] Sun Java System Directory Server Authentication Bypass

TITLE: Sun Java System Directory Server Authentication Bypass SECUNIA ADVISORY ID: SA20144 VERIFY ADVISORY: http://secunia.com/advisories/20144/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: From local network SOFTWARE: Sun Java System Directory Server 5.x...

AI score 0.6
Exploits: 0
NVD
added 2006/02/13 11:6 a.m. | 10 views

CVE-2006-0647

LDAP service in Sun Java System Directory Server 5.2, running on Linux and possibly other platforms, allows remote attackers to cause a denial of service (memory allocation error) via an LDAP packet with a crafted subtree search request, as demonstrated using the ProtoVer LDAP test suite...

CVSS 5 | AI score 6.6 | EPSS 0.12421
Exploits: 1 | References: 8
Prion
added 2006/02/13 11:6 a.m. | 13 views

Design/Logic Flaw

LDAP service in Sun Java System Directory Server 5.2, running on Linux and possibly other platforms, allows remote attackers to cause a denial of service (memory allocation error) via an LDAP packet with a crafted subtree search request, as demonstrated using the ProtoVer LDAP test suite...

CVSS 5 | AI score 6.9 | EPSS 0.12421
Exploits: 1 | References: 8 | Affected Software: 1
CVE
added 2006/02/13 11:0 a.m. | 46 views

CVE-2006-0647

Summary: CVE-2006-0647 affects Sun Java System Directory Server 5.2 (LDAP server) on Linux and possibly other platforms. The vulnerability is triggered by a crafted LDAP subtree search request, leading to a denial of service via a memory allocation error. The issue arises from improper handling o...

CVSS 5 | AI score 6.6 | EPSS 0.12421
Exploits: 1 | References: 8 | Affected Software: 1
Cvelist
added 2006/02/13 11:0 a.m. | 17 views

CVE-2006-0647

LDAP service in Sun Java System Directory Server 5.2, running on Linux and possibly other platforms, allows remote attackers to cause a denial of service (memory allocation error) via an LDAP packet with a crafted subtree search request, as demonstrated using the ProtoVer LDAP test suite...

AI score 6.6 | EPSS 0.12421
Exploits: 1 | References: 8
securityvulns
added 2006/02/09 12:0 a.m. | 40 views

[SA18769] Sun Java System Directory Server LDAP Denial of Service

TITLE: Sun Java System Directory Server LDAP Denial of Service SECUNIA ADVISORY ID: SA18769 VERIFY ADVISORY: http://secunia.com/advisories/18769/ CRITICAL: Less critical IMPACT: DoS WHERE: From local network SOFTWARE: Sun ONE Directory Server 5.x http://secunia.com/product/6188/ Sun Java System...

AI score 0.6
Exploits: 0