CVE-2008-5115

CVE-2008-5115 affects Sun Java System Identity Manager (versions 6.0 up to SP4, 7.0, 7.1). The vulnerability is a CSRF flaw in the update password functionality via /idm/admin/changeself.jsp, which could allow an unauthenticated attacker to hijack an administrator’s session and change the passwor...

CVE-2008-5116

Sun Java System Identity Manager is affected by CVE-2008-5116 due to a failure to sanitize the ext parameter in idm/includes/helpServer.jsp. The issue allows unauthenticated remote attackers to perform directory traversal and read arbitrary files from the IDM server filesystem on affected version...

CVE-2008-5098

CVE-2008-5098 is an XSS vulnerability in Sun Java System Messaging Server versions 6.2 and 6.3. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, and it is noted as a different vulnerability from CVE-2007-2904. The connected sources provide the affe...

Sun Java System Identity Manager Version Detection (deprecated)

Binary data 4755.prm...

Sun Java System Identity Manager 6.07.x - Multiple Vulnerabilities

Sun Java System Identity Manager 6.07.x - Multiple Vulnerabilities...

Sun Java System Identity Manager 6.0/7.x - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/32262/info Sun Java System Identity Manager is prone to multiple web-interface vulnerabilities, including a cross-site request-forgery issue, multiple cross-site scripting issues, multiple HTML-injection issues, and a directory-traversal vulnerability...

Sun Java System LDAP JDK搜索功能信息泄漏漏洞

BUGTRAQ ID: 31905 CNCAN ID：CNCAN-2008102503 Sun Java System LDAP是一款LDAP协议实现。 Sun Java System LDAP JDK搜索功能存在安全问题，本地攻击者可以利用漏洞获得使用LDAP JDK库应用程序的敏感信息。 目前没有详细漏洞细节提供。 Sun Java System LDAP JDK 4.19 Sun Java System Access Manager 7.1 Windows Sun Java System Access Manager 7.1 Solaris x86 Sun Java System...

CVE-2008-4747

Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library...

Design/Logic Flaw

Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library...

CVE-2008-4747

Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library...

CVE-2008-4747

CVE-2008-4747 affects Sun Java System LDAP JDK before 4.20, with a vulnerability in the search feature that may allow context-dependent attackers to obtain sensitive information via LDAP JDK library vectors. The NVD entry lists a low impact (CVSS v2: 2.1, local access, partial confidentiality imp...

Sun Java System Web Proxy Server Vulnerabilities (Windows)

This host has Sun Java Web Proxy Server running, which is prone to heap buffer overflow vulnerability. OpenVAS Vulnerability Test $Id: gbsunjavawebporxysvrvulnwin.nasl 6605 2017-07-07 11:22:07Z cfischer $ Sun Java System Web Proxy Server Vulnerabilities Windows Authors: Chandan S Copyright:...

Sun Java System Web Proxy Server < 4.0.8 Multiple Vulnerabilities - Linux

Sun Java Web Proxy Server is prone to a heap buffer overflow vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2008-4541

Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request...

CVE-2008-4541

Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request...

CVE-2008-4541

Sun Java System Web Proxy Server (Sun Microsystems) is affected by CVE-2008-4541 due to a heap-based buffer overflow in the FTP subsystem. The vulnerability exists in versions 4.0 through 4.0.7 and can be triggered by processing a crafted HTTP GET request, potentially allowing remote code executi...

Sun Java System Portal Server Portlets跨站脚本漏洞

BUGTRAQ ID: 30738 CNCAN ID：CNCAN-2008081909 Sun Java System Portal Server是一款与J2EE平台兼容的应用服务器。 Sun Java System Portal Server绑定的部分Portlets存在跨站脚本问题，远程攻击者可以利用漏洞在用户WEB浏览器上执行任意脚本代码。 目前没有详细漏洞细节提供。 Sun Java System Portal Server 7.1 Sun Java System Portal Server 7.0 Sun Java System Portal Server 7 可参考如下补丁：...

Design/Logic Flaw

Unspecified vulnerability in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.5 before SP6 allows remote attackers to cause a denial of service failure to accept connections via unknown vectors, probably related to exhaustion of file descriptors...

CVE-2008-3683

The CVE-2008-3683 affects Sun Java System Web Proxy Server 4.0–4.0.5 prior to SP6, where an unspecified vulnerability in the FTP subsystem can allow remote attackers to trigger a denial of service by exhausting file descriptors (failure to accept new connections). The issue is described as unknow...

CVE-2008-3683

Unspecified vulnerability in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.5 before SP6 allows remote attackers to cause a denial of service failure to accept connections via unknown vectors, probably related to exhaustion of file descriptors...