SUSE CVE-2005-3905

Unspecified vulnerability in reflection APIs in Java SDK and JRE 1.3.115 and earlier, 1.4.208 and earlier, and JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors, a differen...

Solaris 10 (x86) : 136717-01

SunOS 5.10x86: namefs driver. Date this patch was last updated by Sun : Jan/24/08 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

Sun Java System Communications Express 6.3 'UWCMain' Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/34155/info Sun Java System Communications Express is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. This issue is tracked by Sun Alert ID 258068. An attacker ma...

Sun Solaris sadmind守护程序多个远程溢出漏洞

BUGTRAQ ID: 35083 CVECAN ID: CVE-2008-3869,CVE-2008-3870 Solaris是一款由Sun开发和维护的商业UNIX操作系统。 Solaris的sadmind守护程序在为入站的sadmind请求分配内存时存在整数溢出，在解码某些请求参数时存在堆溢出。如果远程攻击者提交了畸形的RPC请求的话，就可以触发这些溢出，导致以root用户权限执行任意代码。 Sun Solaris 9.0x86 Sun Solaris 9.0 Sun Solaris 8.0x86 Sun Solaris 8.0 临时解决方法： 如下禁用sadmind1M： 1...

Sun Java System Communications Express 6.3 - 'UWCMain' Cross-Site Scripting

source: https://www.securityfocus.com/bid/34155/info Sun Java System Communications Express is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. This issue is tracked by Sun Alert ID 258068. An attacker may leverage this issue to execute...

Sun Java System Communications Express 6.3 - UWCMain Cross-Site Scripting

Sun Java System Communications Express 6.3 - UWCMain Cross-Site Scripting source: https://www.securityfocus.com/bid/34155/info Sun Java System Communications Express is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. This issue is tracke...

CORE-2009-0114 - HTTP Response Splitting vulnerability in Sun Delegated Administrator

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ HTTP Response Splitting vulnerability in Sun Delegated Administrator 1. Advisory Information Title: HTTP Response Splitting vulnerability in Sun Delegated Administrat...

Core Security Technologies Advisory 2009.0114

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ HTTP Response Splitting vulnerability in Sun Delegated Administrator 1. Advisory Information Title: HTTP Response Splitting vulnerability in Sun Delegated Administrat...

HTTP Response Splitting vulnerability in Sun Delegated Administrator

Advisory ID Internal CORE-2009-0114 1. Advisory Information Title: HTTP Response Splitting vulnerability in Sun Delegated Administrator Advisory ID: CORE-2009-0114 Date published: 2009-04-21 Date of last update: 2009-04-21 Vendors contacted: Sun Microsystems Release mode: Coordinated release 2...

Sun Java System Calendar Server重复URI请求拒绝服务漏洞

BUGTRAQ ID: 34150 CVECAN ID: CVE-2009-1219 Sun Java System Calendar Server是Sun Java System通信套件中的日程服务器组件。 如果远程攻击者向Calendar Server连续两次发送特制的HTTP请求并在tzid参数中设置了字母字符的话，就会导致Calendar Server进程崩溃，可能留下类似于以下栈追踪的崩溃dump，具体取决于系统配置： $ pstack core ... ... ----------------- lwp 4 / thread 4 --------------------...

Sun Java System Calendar Server多个模块跨站脚本漏洞

BUGTRAQ ID: 34152,34153 CVECAN ID: CVE-2009-1218 Sun Java System Calendar Server是Sun Java System通信套件中的日程服务器组件。 Calendar Server中的login.wcap组件没有正确地验证用户所提交的fmt-out参数，command.shtml组件没有正确地验证date参数。远程攻击者可以通过向服务器提交恶意请求执行跨站脚本攻击，导致在用户浏览器会话中执行任意代码。 Sun Java System Calendar Server 6.3 Sun Java System Calend...

Sun Calendar Express Web Server - Denial of Service Cross-Site Scripting

Sun Calendar Express Web Server - Denial of Service Cross-Site Scripting Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple vulnerabilities in Sun Calendar Express Web Server 1. Advisory Information Title: Multiple vulnerabilities in Sun Calendar Express...

Sun Solaris NFS服务程序安全模式非授权访问漏洞

BUGTRAQ ID: 34063 CVECAN ID: CVE-2009-0872 Solaris是一款由Sun开发和维护的商业UNIX操作系统。 Solaris的NSF服务程序没有正确地结合其他安全模式实现AUTHNONE（sec=none）安全模式，远程攻击者可以组合使用（AUTHNONE）和sys（AUTHSYS）安全模式绕过限制，非授权访问通过NFS共享的文件系统。 Sun Solaris 10.0x86 Sun Solaris 10.0 Sun OpenSolaris snv01 - snv110 临时解决方法：...

Sun Solaris NFS守护程序绕过安全限制漏洞

BUGTRAQ ID: 34062 CVECAN ID: CVE-2009-0873 Solaris是一款由Sun开发和维护的商业UNIX操作系统。 Solaris的NFS守护程序（nfsd）没有正确地实现多种安全模式组合，远程攻击者可以利用sec=sys和sec=krb5安全模式组合绕过预期的访问限制，读取或修改受限制的文件。 Sun Solaris 10.0x86 Sun Solaris 10.0 Sun OpenSolaris snv01 - snv105 临时解决方法： 对NFS服务器所支持的安全模式使用相同的访问列表。...

Sun Solaris加密驱动本地拒绝服务漏洞

BUGTRAQ ID: 34000 CVECAN ID: CVE-2009-0838 Solaris是一款由Sun开发和维护的商业UNIX操作系统。 Solaris的加密伪设备驱动没有正确地释放内存，本地攻击者可以通过vmemhashdelete函数导致系统忙碌。如果出现上述漏洞，系统可能出现类似于以下栈追踪的忙碌： vmemhashdelete: bad free vmemhashdelete vmemxfree objectgetattributevalue fopioctl ioctl Sun Solaris 10.0x86 Sun Solaris 10.0 Sun...

Sun管理中心性能报表模块跨站脚本漏洞

BUGTRAQ ID: 33999 Sun Management Center软件是开放的、可扩展的系统监视和管理方案。 Sun管理中心的性能报表模块中存在跨站脚本漏洞，可能允许远程非特权用户在用户浏览器中执行任意JavaScript代码，或窃取可能用于访问Sun管理中心Web控制台的会话cookie。 Sun SunMC 4.0 Sun SunMC 3.6.1 厂商补丁： Sun --- Sun已经为此发布了一个安全公告（Sun-Alert-247046）以及相应补丁: Sun-Alert-247046：Cross Site Scripting XSS Vulnerability in...

Sun Solaris rpc.metad远程拒绝服务漏洞

BUGTRAQ ID: 28261 CVECAN ID: CVE-2008-1480 Solaris是一款由Sun开发和维护的商业性质UNIX操作系统。 如果远程攻击者向Solaris提交了恶意RPC请求的话，就会导致rpc.metad1M崩溃，服务和Solaris卷标管理器（SVM）命令会失效，这是一种拒绝服务。 Sun Solaris 9.0x86 Sun Solaris 9.0 Sun Solaris 10.0x86 Sun Solaris 10.0 Sun OpenSolaris snv01 - snv95 Sun Solstice Disk Suite 4.2.1 厂商补丁：...

HP-UX PHSS_38761 : s700_800 11.X OV NNM7.01 Intermediate Patch 12

s700800 11.X OV NNM7.01 Intermediate Patch 12 : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP OpenView Network Node Manager OV NNM. The vulnerability could be exploited remotely to create a Denial of Service DoS...

Sun Java System Identity Manager目录遍历及跨站请求伪造漏洞

BUGTRAQ ID: 32262 CVECAN ID: CVE-2008-5117,CVE-2008-5118,CVE-2008-5116,CVE-2008-5115,CVE-2008-5114 Sun Java System Identity Manager是一个完整的端到端的保护敏感数据和管理标识配置文件与许可的解决方案。 Identity Manager的/idm/includes/helpServer.jsp服务器端脚本没有正确地验证ext参数，未经认证的远程攻击者可以通过向服务器提交恶意请求执行目录遍历攻击，检索文件系统上任意已知位置上的文件。 Identity...

Sun Solaris DHCP请求处理拒绝服务及代码执行漏洞

BUGTRAQ ID: 32213 CVECAN ID: CVE-2007-5365 Solaris是一款由Sun开发和维护的商业性质UNIX操作系统。 Solaris的DHCP服务器（in.dhcpd1M）处理DHCP请求中的安全漏洞可能允许远程非特权用户杀死DHCP服务进程（拒绝服务）或以root用户权限执行任意指令。 Sun Solaris 9.0x86 Sun Solaris 9.0 Sun Solaris 8.0x86 Sun Solaris 8.0 Sun Solaris 10.0x86 Sun Solaris 10.0 Sun OpenSolaris snv01 -...