1772 matches found
CVE-2009-1082
Sun Java System Identity Manager (IdM) 7.0–8.0 is affected by a privilege-escalation issue where remote authenticated users can submit crafted commands to the Admin Console to gain administrative privileges (e.g., account creation) via the saveNoValidate and related saveNoValidateAllowedFormsAndW...
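Sun Java System Identity Manager Multiple Security Vulnerabilities
BUGTRAQ ID: 34191 Sun Java System Identity Manager is a complete end-to-end solution for protecting sensitive data and managing identity profiles and permissions. Sun Java System Identity Manager (IdM) is affected by multiple security vulnerabilities, as follows: Because certain connections are not encrypted with SSL, remote unprivileged users can gain unauthorized access to data transmitted between the client and the IdM server (17763). Local or remote unprivileged users can determine whether a valid IdM account name exists (18052, 18104). Users who have an account on the IdM server can change the passwords of other IdM accounts (18578)...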
Sun Java System Messenger Express 6.3-0.15 - 'error' Cross-Site Scripting
source: https://www.securityfocus.com/bid/34140/info Sun Java System Messenger Express is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Sun Java System Messenger Express 6.3-0.15 - error Cross-Site Scripting
Sun Java System Messenger Express 6.3-0.15 - error Cross-Site Scripting source: https://www.securityfocus.com/bid/34140/info Sun Java System Messenger Express is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may...
Sun Java System Messenger Express XSS
Product: Sun Java™ System Messenger Express Version: 6.3-0.15 Author: syniack contact: [email protected] Vulnerable link: http://example.com/?user=admin&error="alert1; -- SyN/AcK RuLzZ...
CVE-2009-0877
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field...
CVE-2009-0877
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field...
CVE-2009-0877
The CVE-2009-0877 entry describes multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express. The affected component is the web interface of Sun Java System Communications Express, where attackers can inject arbitrary web script or HTML via the Full Name or Subj...
Sun Java System Communications Express [HTML Injection]
Hello, I have found a HTML Injection vulnerability in Sun Java™ System Communications Express, a web client that provides an integrated web-based communication and collaboration client to the Sun Java Communications Suite. It consists of three client modules - Calendar, Address Book, and Mail. He...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in unspecified Portlets in Sun Java System Portal Server 7.0 and 7.1 allow remote attackers to inject arbitrary web script or HTML via unknown vectors...
CVE-2008-6192
Multiple cross-site scripting (XSS) vulnerabilities in unspecified Portlets in Sun Java System Portal Server 7.0 and 7.1 allow remote attackers to inject arbitrary web script or HTML via unknown vectors...
CVE-2008-6192
Multiple cross-site scripting (XSS) vulnerabilities in unspecified Portlets in Sun Java System Portal Server 7.0 and 7.1 allow remote attackers to inject arbitrary web script or HTML via unknown vectors...
CVE-2008-6192
CVE-2008-6192 describes multiple XSS vulnerabilities in unspecified Portlets of Sun Java System Portal Server 7.0 and 7.1. The initial description notes remote injection of arbitrary scripts via unknown vectors, without concrete exploit details. Connected documents include Solaris patch reference...
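Sun Java System Directory Server Directory Proxy Server Component JDBC Backend Denial-of-Service Vulnerability
BUGTRAQ ID: 33761 CVECAN ID: CVE-2009-0609 Sun Java System Directory Server is a component of the Java Enterprise System that provides a user-management infrastructure for enterprises managing large amounts of user information. A denial-of-service vulnerability exists in the Sun Java System Directory Proxy Server component of Sun Java System Directory Server Enterprise Edition: local or remote unprivileged users can send specially crafted LDAP requests that cause the server to stop responding to certain requests involving the JDBC backend. Sun Java System Directory Server Enterprise Edition 6.3 Sun Java System Directory Server Enterprise Edition 6.2 Sun Java System Directory...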
Design/Logic Flaw
Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of service JDBC backend...
CVE-2009-0609
Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of service JDBC backend...
CVE-2009-0609
CVE-2009-0609 affects Sun Java System Directory Proxy Server (within Sun Java System Directory Server Enterprise Edition) versions 6.0–6.3. When a JDBC data source is used, the server does not properly handle (1) a long value in an ADD or (2) long string attributes, enabling remote attackers to c...
CVE-2009-0576
Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 and earlier, and Enterprise Edition 5, allows remote attackers to cause a denial of service (daemon crash) via crafted LDAP requests...
Code injection
Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 and earlier, and Enterprise Edition 5, allows remote attackers to cause a denial of service (daemon crash) via crafted LDAP requests...