662 matches found

Exploit DB
added 2009/05/20 12:00 a.m. | 28 views

Sun Java System Communications Express 6.3 - 'search.xml' Cross-Site Scripting

source: https://www.securityfocus.com/bid/34154/info Sun Java System Communications Express is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

7.4 AI score
Exploits: 0

Exploit DB
added 2009/05/20 12:00 a.m. | 22 views

Sun Java System Communications Express 6.3 - 'UWCMain' Cross-Site Scripting

source: https://www.securityfocus.com/bid/34155/info Sun Java System Communications Express is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. This issue is tracked by Sun Alert ID 258068. An attacker may leverage this issue to execute...

7.4 AI score
Exploits: 0

exploitpack
added 2009/05/20 12:00 a.m. | 11 views

Sun Java System Communications Express 6.3 - UWCMain Cross-Site Scripting

Sun Java System Communications Express 6.3 - UWCMain Cross-Site Scripting source: https://www.securityfocus.com/bid/34155/info Sun Java System Communications Express is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. This issue is tracke...

Exploits: 0

Tenable Nessus
added 2009/05/06 12:00 a.m. | 27 views

Sun Java System Identity Manager ext Parameter Arbitrary File Retrieval

The version of Sun Java System Identity Manager hosted on the remote web server fails to sanitize user-supplied input to 'ext' parameter in file 'includes/helpServer.jsp' before using it to display help files. An unauthenticated attacker can exploit this vulnerability to retrieve arbitrary files...

7.8 CVSS | 5.9 AI score | 0.00724 EPSS
Exploits: 2 | References: 4

OpenVAS
added 2009/04/30 12:00 a.m. | 23 views

Sun Java Directory Server Information Disclosure Vulnerability - Windows

Sun Java Directory Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only

5 CVSS | 6.1 AI score | 0.00417 EPSS
Exploits: 0 | References: 3

OpenVAS
added 2009/04/30 12:00 a.m. | 17 views

Sun Java Directory Server Information Disclosure Vulnerability (Linux)

This host is running Sun Java Directory Server and is prone to an information disclosure vulnerability.

5 CVSS | 6.5 AI score | 0.00417 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2009/04/28 12:00 a.m. | 38 views

Sun Java System Identity Manager Account Disclosure

The version of Sun Java System Identity Manager running on the remote host has the following account enumeration vulnerabilities:
- The error message for a failed login attempt is different, depending on whether or not a valid username was given.
- Requesting...

5 CVSS | 5.7 AI score | 0.00687 EPSS
Exploits: 1 | References: 4

NVD
added 2009/04/23 5:30 p.m. | 14 views

CVE-2009-1357

CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELPPAGE parameter...

6.8 CVSS | 6.9 AI score | 0.25614 EPSS
Exploits: 2 | References: 11

Prion
added 2009/04/23 5:30 p.m. | 14 views

CRLF injection

CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELPPAGE parameter...

6.8 CVSS | 7.3 AI score | 0.25614 EPSS
Exploits: 2 | References: 11 | Affected Software: 1

Cvelist
added 2009/04/23 5:00 p.m. | 14 views

CVE-2009-1357

CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELPPAGE parameter...

6.8 AI score | 0.25614 EPSS
Exploits: 2 | References: 11

CVE
added 2009/04/23 5:00 p.m. | 47 views

CVE-2009-1357

CVE-2009-1357 describes a CRLF injection/HTTP response splitting vulnerability in Sun Java System Delegated Administrator (DA) server. Affected are DA 6.2–6.4 (without patches 121581-20 / 121582-20 / 121583-20 depending on platform). The issue arises in the da/DA/Login component via the HELP_PAGE...

6.8 CVSS | 6.9 AI score | 0.25614 EPSS
Exploits: 2 | References: 11 | Affected Software: 1

Tenable Nessus
added 2009/04/23 12:00 a.m. | 31 views

Solaris 9 (x86) : 120955-12

AM 7.0x86: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun: Nov/03/10. (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates.

10 CVSS | 8 AI score | 0.56626 EPSS
Exploits: 10 | References: 12

Tenable Nessus
added 2009/04/23 12:00 a.m. | 26 views

Solaris 9 (sparc) : 120954-12

AM 7.0: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun: Nov/03/10. (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates.

10 CVSS | 8 AI score | 0.56626 EPSS
Exploits: 10 | References: 12

Exploit DB
added 2009/04/21 12:00 a.m. | 22 views

Sun Java System Delegated Administrator 6.x - HTTP Response Splitting

source: https://www.securityfocus.com/bid/34643/info Sun Java System Delegated Administrator is prone to an HTTP response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can leverage this issue to influence or misrepresent how web content is served,...

7 AI score
Exploits: 0

seebug.org
added 2009/04/21 12:00 a.m. | 16 views

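Sun Java System Directory Server Information Disclosure Vulnerability

BUGTRAQ ID: 34548 CNCAN ID:CNCAN-2009041704 Sun Java System Directory Server is a component of the Java Enterprise System that provides user-management infrastructure for enterprises managing large amounts of user information. The online help component included in Sun Java System Directory Server has a security issue: a remote attacker can exploit the vulnerability to determine whether files or directories exist, leading to disclosure of sensitive information. No detailed vulnerability information is currently available. Sun Java System Directory Server Enterprise Edition 5 Sun Java System Directory Server...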

6.9 AI score
Exploits: 0

exploitpack
added 2009/04/21 12:00 a.m. | 13 views

Sun Java System Delegated Administrator 6.x - HTTP Response Splitting

Sun Java System Delegated Administrator 6.x - HTTP Response Splitting source: https://www.securityfocus.com/bid/34643/info Sun Java System Delegated Administrator is prone to an HTTP response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can...

Exploits: 0

Prion
added 2009/04/17 2:30 p.m. | 18 views

Design/Logic Flaw

The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial contents of files, via unspecified vectors...

5 CVSS | 7 AI score | 0.00417 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2009/04/17 2:00 p.m. | 47 views

CVE-2009-1332

Summary: CVE-2009-1332 corresponds to an information-disclosure vulnerability in Sun Java System Directory Server's Online Help feature. The issue allows remote attackers to determine whether certain files or directories exist, and in some cases obtain a single line of a file, via unspecified vec...

5 CVSS | 6.5 AI score | 0.00417 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

securityvulns
added 2009/04/07 12:00 a.m. | 33 views

POC - Sun Java System Access Manager & Identity Manager Users Enumeration

============================================================ Sun Java System Access Manager & Identity Manager Users Enumeration ============================================================ Affected Software: Sun Java System Access Server, OpenSSO Sun Java System Identity Manager Author: Marco...

1 AI score
Exploits: 0

seebug.org
added 2009/04/02 12:00 a.m. | 44 views

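Sun Java System Calendar Server Multiple Module Cross-Site Scripting Vulnerabilities

BUGTRAQ ID: 34152,34153 CVECAN ID: CVE-2009-1218 Sun Java System Calendar Server is the calendar server component of the Sun Java System communications suite. The login.wcap component in Calendar Server does not properly validate the user-supplied fmt-out parameter, and the command.shtml component does not properly validate the date parameter. A remote attacker can carry out cross-site scripting attacks by submitting malicious requests to the server, resulting in arbitrary code execution in the user's browser session. Sun Java System Calendar Server 6.3 Sun Java System Calend...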

4.3 CVSS | 5.8 AI score | 0.02307 EPSS
Exploits: 2