1772 matches found
ProCheckUp Security Advisory 2007.11
PR07-11: Cross-site Request Forgery CSRF on Sun Java System Identity Manager Date Found: 11th June 2007 Vendor Contacted: 18th June 2007 Date Public: 10th November 2008 Severity: Medium/High Credits: Adrian Pastor and Jan Fry of ProCheckUp Ltd www.procheckup.com. ProCheckUp thanks Sun for working...
CVE-2008-5115
Cross-site request forgery CSRF vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp...
CVE-2008-5116
Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ext parameter...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Design/Logic Flaw
Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "frame injection."...
Open redirect
Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
Directory traversal
Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ext parameter...
CVE-2008-5114
Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp...
CVE-2008-5117
Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CVE-2008-5115
Cross-site request forgery CSRF vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp...
CVE-2008-5116
Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ext parameter...
CVE-2008-5114
Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-5115
CVE-2008-5115 affects Sun Java System Identity Manager (versions 6.0 up to SP4, 7.0, 7.1). The vulnerability is a CSRF flaw in the update password functionality via /idm/admin/changeself.jsp, which could allow an unauthenticated attacker to hijack an administrator’s session and change the passwor...
CVE-2008-5114
Sun Java System Identity Manager is affected by CVE-2008-5114, with multiple XSS vulnerabilities disclosed in versions 6.0 (including SP1-SP4), 7.0, and 7.1. The described issue allows remote attackers to inject arbitrary script/HTML via unspecified vectors. Exploit details and exact affected com...
CVE-2008-5118
Sun Java System Identity Manager 6.0–6.0 SP4, 7.0, and 7.1 are affected by CVE-2008-5118, which enables remote attackers to inject frames from arbitrary sites and perform phishing via frame injection. The root cause is framed content handling that lacks proper validation, enabling cross-site fram...
CVE-2008-5116
Sun Java System Identity Manager is affected by CVE-2008-5116 due to a failure to sanitize the ext parameter in idm/includes/helpServer.jsp. The issue allows unauthenticated remote attackers to perform directory traversal and read arbitrary files from the IDM server filesystem on affected version...
CVE-2008-5117
The CVE-2008-5117 entry concerns Sun Java System Identity Manager. Affected versions are 6.0 (including SP4), 7.0, and 7.1. The vulnerability is an open redirect in the Identity Manager web interfaces that can let remote attackers redirect users to arbitrary sites, enabling phishing-style abuse. ...
CVE-2008-5098
Cross-site scripting XSS vulnerability in Sun Java System Messaging Server 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-2904...
CVE-2008-5098
Cross-site scripting XSS vulnerability in Sun Java System Messaging Server 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-2904...