662 matches found
CVE-2008-5549
Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to "access to secure files by ThemeServlet."...
Code injection
Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to "access to secure files by ThemeServlet."...
CVE-2008-5549
CVE-2008-5549 affects the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2. The connected Nessus/NASL data identify affected patches for Solaris 10 (SPARC/x86) — e.g., 124301-16, 124302-16, 138686-07 — as maintenance updates addressing this vulnerability. The issue ena...
CVE-2008-5266
Cross-site scripting XSS vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.101 build b09d-fcs and 9.102 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a...
CVE-2008-5266
Cross-site scripting XSS vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.101 build b09d-fcs and 9.102 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a...
CVE-2008-5266
Cross-site scripting XSS vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.101 build b09d-fcs and 9.102 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a...
Sun Java System Identity Manager multiple security vulnerabilities
Crossite request forgery, unauthorized access...
PR08-09: Unauthenticated File Retrieval on Sun Java System Identity Manager "ext" parameter
PR08-09: Unauthenticated File Retrieval on Sun Java System Identity Manager "ext" parameter Date Found: 25th April 2008 Vendor Contacted: 28th April 2008 Date Public: 10th November 2008 Severity: High Credits: Richard Brain of ProCheckUp Ltd www.procheckup.com. ProCheckUp thanks Sun for working...
PR07-11: Cross-site Request Forgery (CSRF) on Sun Java System Identity Manager
PR07-11: Cross-site Request Forgery CSRF on Sun Java System Identity Manager Date Found: 11th June 2007 Vendor Contacted: 18th June 2007 Date Public: 10th November 2008 Severity: Medium/High Credits: Adrian Pastor and Jan Fry of ProCheckUp Ltd www.procheckup.com. ProCheckUp thanks Sun for working...
Sun Java System Identity Manager目录遍历及跨站请求伪造漏洞
BUGTRAQ ID: 32262 CVECAN ID: CVE-2008-5117,CVE-2008-5118,CVE-2008-5116,CVE-2008-5115,CVE-2008-5114 Sun Java System Identity Manager是一个完整的端到端的保护敏感数据和管理标识配置文件与许可的解决方案。 Identity Manager的/idm/includes/helpServer.jsp服务器端脚本没有正确地验证ext参数,未经认证的远程攻击者可以通过向服务器提交恶意请求执行目录遍历攻击,检索文件系统上任意已知位置上的文件。 Identity...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Design/Logic Flaw
Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "frame injection."...
CVE-2008-5115
Cross-site request forgery CSRF vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp...
Open redirect
Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
Directory traversal
Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ext parameter...
CVE-2008-5114
Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-5117
Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CVE-2008-5115
Cross-site request forgery CSRF vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp...
CVE-2008-5116
Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ext parameter...
CVE-2008-5114
Sun Java System Identity Manager is affected by CVE-2008-5114, with multiple XSS vulnerabilities disclosed in versions 6.0 (including SP1-SP4), 7.0, and 7.1. The described issue allows remote attackers to inject arbitrary script/HTML via unspecified vectors. Exploit details and exact affected com...