Cross site scripting

Cross-site scripting XSS vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309...

Cross site scripting

Cross-site scripting XSS vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246...

CVE-2007-6570

Cross-site scripting XSS vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309...

CVE-2007-6571

Cross-site scripting XSS vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356...

CVE-2007-6569

Cross-site scripting XSS vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246...

CVE-2007-6570

CVE-2007-6570 describes a Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server’s View URL Database functionality. Affected software versions are Sun Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11. The vulnerability allows remote attackers to inject arbitrary web...

CVE-2007-6572

Cross-site scripting XSS vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204...

CVE-2007-6571

CVE-2007-6571 describes a cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors. Affected product/version: Sun Java System Web Proxy Server 3.6 prior to SP11...

CVE-2007-6572

CVE-2007-6572 is an XSS vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1. It allows remote attackers to inject arbitrary web script or HTML via unspecified vectors (BugID 6566204). Affected components: Sun Java System Web Server 6.1 (pre-SP8) and 7.0 (pre-Update ...

CVE-2007-6569

Sun Java System Web Proxy Server 4.x (and Web Server) are vulnerable to cross-site scripting in the View Error Log/related log-viewing function (BugID 6566246). The JVN entry confirms the issue is a client-side script injection via unspecified vectors, affecting the Web Server and Web Proxy Serve...

CVE-2007-6570

Cross-site scripting XSS vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309...

JVN#89292430 Cross-site scripting in Sun Java System Web Server and Sun Java System Web Proxy Server

Sun Java System Web Server and Sun Java System Web Proxy Server, which are both web servers, provide a function for a user to view access logs and other records in a web browser. This function is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web...

Sun Java系统访问管理器多个安全漏洞

BUGTRAQ ID: 25842 Sun Java系统访问管理器是一个安全单点登录、认证、授权解决方案。 Sun Java系统访问管理器实现上存在多个漏洞，远程攻击者可能利用这些漏洞实现非授权访问。 如果在Sun Java系统应用服务器9.1容器中安装了Sun Java系统访问管理器7.1且重启了容器，就不会显示认证屏。任何基于认证使用容器的应用程序都无法正确运行，因为任何用户都会未经认证便给予访问。这可能导致非特权的非管理用户执行管理任务，例如，管理控制台在访问这个应用时不再提示用户进行认证。因此，任何用户无论是否拥有管理权限，都可以管理应用服务器。 在Sun...

Code injection

Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors...

CVE-2007-5153

Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors...

CVE-2007-5152

Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks...

CVE-2007-5153

Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors...

CVE-2007-5152

Summary: CVE-2007-5152 affects Sun Java System Access Manager 7.1 when installed in a Sun Java System Application Server 9.1 container. The issue is that authentication is not required after a container restart, enabling remote attackers to perform administrative tasks. The vulnerability is evide...

CVE-2007-5153

Technical details about CVE-2007-5153 are not publicly available in the provided documents; affected products, impact, and remediation specifics are not disclosed. Monitor for updates from official sources.

JSPWiki Multiple Vulnerabilities

Application: JSPWiki Multiple Vulnerabilities Version: 2.4.103 and 2.5.139 Credit: Jason Kratzer Date: 9/24/2007 Background ------------------------------------------------------------ JSPWiki is wiki software built around the standard J2EE components of Java, servlets and JSP. It was written by...