CVE-2009-1078

Sun Java System Identity Manager IdM 7.0 through 8.0 does not enforce the expected privilege requirements for 1 deleting audit policies and 2 modifying workflows, which allows remote authenticated users to have an unspecified impact...

CVE-2009-1081

Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager IdM 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19595 and 19661...

CVE-2009-1083

Sun Java System Identity Manager IdM 7.0 through 8.0 on Linux, AIX, Solaris, and HP-UX permits "control characters" in the passwords of user accounts, which allows remote attackers to execute arbitrary commands via vectors involving "resource adapters."...

CVE-2009-1077

The CVE-2009-1077 entry concerns Sun Java System Identity Manager (IdM) 7.0–8.0. The admin Change My Password functionality fails to enforce the RequiresChallenge setting, enabling remote authenticated users to change other users’ passwords, demonstrated by altering the administrator account. Doc...

CVE-2009-1079

Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager IdM 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19659, 19660, and 19683...

CVE-2009-1074

Sun Java System Identity Manager IdM 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to "ssl termination devices" and lack of support for relative URLs...

CVE-2009-1081

Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager IdM 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19595 and 19661...

CVE-2009-1080

CVE-2009-1080 affects Sun Java System Identity Manager (IdM) 7.0 through 8.0. The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via unspecified vectors (Bug ID 19033). Affected component: IdM web interfac...

CVE-2009-1078

Sun Java System Identity Manager IdM 7.0 through 8.0 does not enforce the expected privilege requirements for 1 deleting audit policies and 2 modifying workflows, which allows remote authenticated users to have an unspecified impact...

CVE-2009-1081

CVE-2009-1081 affects Sun Java System Identity Manager (IdM) 7.0–8.0. The issue is multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via unspecified vectors (Bug IDs 19595 and 19661). The connected documents do not provide concrete exploi...

CVE-2009-1082

Sun Java System Identity Manager (IdM) 7.0–8.0 is affected by a privilege-escalation issue where remote authenticated users can submit crafted commands to the Admin Console to gain administrative privileges (e.g., account creation) via the saveNoValidate and related saveNoValidateAllowedFormsAndW...

Sun Java System Identity Manager多个安全漏洞

BUGTRAQ ID: 34191 Sun Java System Identity Manager是一个完整的端到端的保护敏感数据和管理标识配置文件与许可的解决方案。 Sun Java System Identity Manager（IdM）受多个安全漏洞影响，具体如下： 由于没有使用SSL加密某些连接，远程非特权用户可以非授权访问客户端与IdM服务器之间所传输的数据（17763）。 本地或远程非特权用户可以判断是否存在有效的IdM帐号名（18052，18104）。 在IdM服务器上拥有帐号的用户可以更改其他IdM帐号的口令（18578）。...

Sun Java System Messenger Express 6.3-0.15 - 'error' Cross-Site Scripting

source: https://www.securityfocus.com/bid/34140/info Sun Java System Messenger Express is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

Sun Java System Messenger Express 6.3-0.15 - error Cross-Site Scripting

Sun Java System Messenger Express 6.3-0.15 - error Cross-Site Scripting source: https://www.securityfocus.com/bid/34140/info Sun Java System Messenger Express is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may...

Sun Java System Messenger Express XSS

Product:Sun Javatm System Messenger Express Version: 6.3-0.15 Author:syniack contact:[email protected] Vulnerable link: http://example.com/?user=admin&error="alert1; -- SyN/AcK RuLzZ...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the 1 Full Name or 2 Subject field...

CVE-2009-0877

The CVE-2009-0877 entry describes multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express. The affected component is the web interface of Sun Java System Communications Express, where attackers can inject arbitrary web script or HTML via the Full Name or Subj...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in unspecified Portlets in Sun Java System Portal Server 7.0 and 7.1 allow remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVE-2008-6192

Multiple cross-site scripting XSS vulnerabilities in unspecified Portlets in Sun Java System Portal Server 7.0 and 7.1 allow remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVE-2008-6192

Multiple cross-site scripting XSS vulnerabilities in unspecified Portlets in Sun Java System Portal Server 7.0 and 7.1 allow remote attackers to inject arbitrary web script or HTML via unknown vectors...