BMP image parser vulnerability

The BMP image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.119 and earlier, when running on Unix/Linux systems,...

SUN JRE: Unspecified vulnerability in Sun JRE

REJECTED CVE This CVE has been rejected. This candidate is a duplicate of CVE-2007-2789. Note: All CVE users should reference CVE-2007-2789 instead of this candidate...

Sun Java System Calendar服务器拒绝服务漏洞

BUGTRAQ ID: 29763 CNCAN ID：CNCAN-2008061906 Sun Java System Calendar Server是一款基于Java的日程服务程序。 Sun Java System Calendar Server在访问日志开启时存在未明安全问题，远程攻击者可以利用漏洞对服务程序进行拒绝服务攻击。 目前没有详细漏洞细节提供。 Sun ONE Calendar Server 6.0 Sun Java System Calendar Server 6.3 Sun Java System Calendar Server 6 2005Q4 Sun Java...

CVE-2008-2751

Multiple cross-site scripting XSS vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.101 allow remote attackers to inject arbitrary web script or HTML via the 1 propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, 2...

CVE-2008-2749

Unspecified vulnerability in cshttpd in Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, when access logging aka service.http.commandlog.all is enabled, allows remote attackers to cause a denial of service daemon crash via unspecified vectors...

CVE-2008-2749

CVE-2008-2749 affects Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, where the cshttpd component is vulnerable when access logging (service.http.commandlog.all) is enabled. The issue allows remote attackers to cause a denial of service (daemon crash) via unspecified v...

CVE-2008-2749

Unspecified vulnerability in cshttpd in Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, when access logging aka service.http.commandlog.all is enabled, allows remote attackers to cause a denial of service daemon crash via unspecified vectors...

CVE-2008-2751

CVE-2008-2751 concerns multiple XSS vulnerabilities in the GlassFish 2 Sun Java System Application Server 9.1_01 webadmin interface. The disclosed vectors affect the JSF pages (resourceNode, applications, etc.) via numerous form fields (e.g., jndiProp, resTypeProp, factoryClassProp, descProp, nam...

CVE-2008-2751

Multiple cross-site scripting XSS vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.101 allow remote attackers to inject arbitrary web script or HTML via the 1 propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, 2...

CVE-2008-2705

Unspecified vulnerability in Sun Java System Access Manager AM 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition DSEE, allows remote attackers to bypass authentication via unspecified vectors...

Authentication flaw

Unspecified vulnerability in Sun Java System Access Manager AM 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition DSEE, allows remote attackers to bypass authentication via unspecified vectors...

CVE-2008-2705

Technical details about CVE-2008-2705 are not publicly available in the provided connected documents. Monitor for updates from official advisories; sources summarize an authentication bypass in Sun Java System Access Manager with DSEE, but specifics are not given.

glassfish-xss.txt

============================== XSS - Glassfish Web Admin Interface Sun Java System Application Server 9.101 build b09d-fcs ============================== Author: Eduardo Neves a.k.a eth0 Date: 10 june 2008 Site: http://webappsecurity.wordpress.com ============================== APPLICATION :...

iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages File Creation Vulnerability

iDefense Security Advisory 06.03.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 03, 2008 I. BACKGROUND Sun Java System Active Server Pages is a multi-platform ASP application server. It provides provides ASP Active Server Pages functionality to a web server. More information is...

iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Buffer Overflow Vulnerability

iDefense Security Advisory 06.03.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 03, 2008 I. BACKGROUND Sun Java System Active Server Pages is a multi-platform ASP application server. It provides provides ASP Active Server Pages functionality to a web server. More information is...

iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Multiple Directory Traversal Vulnerabilities

iDefense Security Advisory 06.03.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 03, 2008 I. BACKGROUND Sun Java System Active Server Pages is a multi-platform ASP application server. It provides provides ASP Active Server Pages functionality to a web server. More information is...

iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Authorization Bypass Vulnerability

iDefense Security Advisory 06.03.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 03, 2008 I. BACKGROUND Sun Java System Active Server Pages is a multi-platform ASP application server. It provides provides ASP Active Server Pages functionality to a web server. More information is...

iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Information Disclosure Vulnerability

iDefense Security Advisory 06.03.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 03, 2008 I. BACKGROUND Sun Java System Active Server Pages is a multi-platform ASP application server. It provides provides ASP Active Server Pages functionality to a web server. More information is...

CVE-2008-2405

Sun Java Active Server Pages ASP Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications...

Stack overflow

Stack-based buffer overflow in the request handling implementation in Sun Java Active Server Pages ASP Server before 4.0.3 allows remote attackers to execute arbitrary code via an unspecified string field...