Sun Java System Web Proxy Server FTP子系统拒绝服务漏洞

BUGTRAQ ID: 30671 CNCAN ID：CNCAN-2008081410 Sun Java System Web Proxy Server是一款基于JAVA的WEB代理服务程序。 Sun Java System Web Proxy Server 4.0的FTP子系统存在安全问题，本地或远程攻击者可以阻止代理服务器接收新的连接，导致拒绝服务攻击。 目前没有详细漏洞细节提供。 Sun Java System Web Proxy Server 4.0.5 Sun Java System Web Proxy Server 4.0 可参考如下安全公告获得补丁信息：...

Solaris 10 (sparc) : 119725-06 (deprecated)

Sun JavaTM System LDAP Java Development Kit 4.21: patch for Sola. Date this patch was last updated by Sun : Sep/19/08 This plugin has been deprecated and either replaced with individual 119725 patch-revision plugins, or deemed non-security related. %NASLMINLEVEL 70300 C Tenable Network Security,...

CVE-2008-3425

Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System SPS 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors...

Code injection

Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System SPS 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors...

CVE-2008-3425

The vulnerability described in CVE-2008-3425 affects the Sun Java System Web Server 7.0 plugin within Sun N1 Service Provisioning System (SPS) versions 5.2 and 6.0. The issue allows remote authenticated SPS users to gain administrative access to the web server via unspecified attack vectors. The ...

Sun Java System ASP Server Detection

The remote service is an ASP Server, part of Sun Java System Active Server Pages or an older variant such as Chili!Soft ASP, which provides a web server with ASP Active Server Pages functionality. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

Sun Java System ASP Server < 4.0.3 Multiple Vulnerabilities

The remote host is running Sun Java System Active Server Pages ASP, or an older variant such as Sun ONE ASP or Chili!Soft ASP. The web server component of the installed version of Active Server Pages on the remote host is affected by several vulnerabilities : - Several of the administration...

Sun Java System Access Manager XSLT样式表单XML签名远程代码执行漏洞

BUGTRAQ ID: 29988 CNCAN ID：CNCAN-2008063001 Sun Java System Access Manager是一款安全单点登录、认证、授权解决方案。 Sun Java系统访问管理器没有正确安全处理XML签名中的XSLT样式表单，远程攻击者可以利用漏洞以应用程序权限执行任意代码。 能建立使用访问管理器本地可查看的XML签名的远程用户可以访问管理器应用程序权限执行任意代码。访问管理器由WEB'容器'应用程序运行，如Sun Java System Application...

CVE-2008-2945

Technical details for CVE-2008-2945 are not provided in the connected documents; public disclosures and remediation are not covered here. Monitor for updates.

Sun Java System Calendar服务器拒绝服务漏洞

BUGTRAQ ID: 29763 CNCAN ID：CNCAN-2008061906 Sun Java System Calendar Server是一款基于Java的日程服务程序。 Sun Java System Calendar Server在访问日志开启时存在未明安全问题，远程攻击者可以利用漏洞对服务程序进行拒绝服务攻击。 目前没有详细漏洞细节提供。 Sun ONE Calendar Server 6.0 Sun Java System Calendar Server 6.3 Sun Java System Calendar Server 6 2005Q4 Sun Java...

CVE-2008-2751

Multiple cross-site scripting XSS vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.101 allow remote attackers to inject arbitrary web script or HTML via the 1 propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, 2...

CVE-2008-2749

Unspecified vulnerability in cshttpd in Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, when access logging aka service.http.commandlog.all is enabled, allows remote attackers to cause a denial of service daemon crash via unspecified vectors...

CVE-2008-2749

CVE-2008-2749 affects Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, where the cshttpd component is vulnerable when access logging (service.http.commandlog.all) is enabled. The issue allows remote attackers to cause a denial of service (daemon crash) via unspecified v...

CVE-2008-2749

Unspecified vulnerability in cshttpd in Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, when access logging aka service.http.commandlog.all is enabled, allows remote attackers to cause a denial of service daemon crash via unspecified vectors...

CVE-2008-2751

Multiple cross-site scripting XSS vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.101 allow remote attackers to inject arbitrary web script or HTML via the 1 propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, 2...

Authentication flaw

Unspecified vulnerability in Sun Java System Access Manager AM 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition DSEE, allows remote attackers to bypass authentication via unspecified vectors...

glassfish-xss.txt

============================== XSS - Glassfish Web Admin Interface Sun Java System Application Server 9.101 build b09d-fcs ============================== Author: Eduardo Neves a.k.a eth0 Date: 10 june 2008 Site: http://webappsecurity.wordpress.com ============================== APPLICATION :...

iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages File Creation Vulnerability

iDefense Security Advisory 06.03.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 03, 2008 I. BACKGROUND Sun Java System Active Server Pages is a multi-platform ASP application server. It provides provides ASP Active Server Pages functionality to a web server. More information is...

iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Buffer Overflow Vulnerability

iDefense Security Advisory 06.03.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 03, 2008 I. BACKGROUND Sun Java System Active Server Pages is a multi-platform ASP application server. It provides provides ASP Active Server Pages functionality to a web server. More information is...

iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Authorization Bypass Vulnerability

iDefense Security Advisory 06.03.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 03, 2008 I. BACKGROUND Sun Java System Active Server Pages is a multi-platform ASP application server. It provides provides ASP Active Server Pages functionality to a web server. More information is...