DSquare Exploit Pack: D2SEC_SUNASP1

Name| d2secsunasp1 ---|--- CVE| CVE-2008-2402 Exploit Pack| D2ExploitPack Description| Sun Java System Active Server Pages Information Disclosure Notes|...

DSquare Exploit Pack: D2SEC_SUNASP2

Name| d2secsunasp2 ---|--- CVE| CVE-2008-2403 Exploit Pack| D2ExploitPack Description| Sun Java System Active Server Pages Directory Traversal Notes|...

CVE-2008-2406

The administration application server in Sun Java Active Server Pages ASP Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102...

CVE-2008-2404

Stack-based buffer overflow in the request handling implementation in Sun Java Active Server Pages ASP Server before 4.0.3 allows remote attackers to execute arbitrary code via an unspecified string field...

Code injection

Sun Java Active Server Pages ASP Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications...

Improper access control

The Admin Server in Sun Java Active Server Pages ASP Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents...

Authentication flaw

The administration application server in Sun Java Active Server Pages ASP Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102...

CVE-2008-2402

The Admin Server in Sun Java Active Server Pages ASP Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents...

CVE-2008-2404

Stack-based buffer overflow in the request handling implementation in Sun Java Active Server Pages ASP Server before 4.0.3 allows remote attackers to execute arbitrary code via an unspecified string field...

CVE-2008-2406

The administration application server in Sun Java Active Server Pages ASP Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102...

CVE-2008-2403

Multiple directory traversal vulnerabilities in unspecified ASP applications in Sun Java Active Server Pages ASP Server before 4.0.3 allow remote attackers to read or delete arbitrary files via a .. dot dot in the Path parameter to the MapPath method...

CVE-2008-2401

Sun Java System Active Server Pages (ASP) Server 4.x contains a file-include based vulnerability (CVE-2008-2401) in the Admin Server that lets remote attackers cause writing or appending to arbitrary files by abusing the first argument to a file included by multiple ASP applications. The issue al...

CVE-2008-2406

The CVE-2008-2406 issue affects Sun Java System Active Server Pages (ASP) Server prior to 4.0.3. The vulnerability allows remote attackers to bypass authentication by sending direct requests to the administration server, which listens on TCP port 5102, enabling unauthorized access to the administ...

CVE-2008-2402

CVE-2008-2402 involves Sun Java System Active Server Pages (ASP) Server prior to 4.0.3. The Admin Server stores sensitive information under the web root with insufficient access control, allowing remote attackers to read password hashes and configuration data via direct requests for unspecified d...

CVE-2008-2403

Sun Java System Active Server Pages (ASP) Server before 4.0.3 contains multiple directory traversal vulnerabilities in ASP applications that allow remote attackers to read or delete arbitrary files by supplying a dot-dot sequence in the Path parameter to MapPath. Affected software is the Sun Java...

CVE-2008-2405

Sun Java Active Server Pages ASP Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications...

CVE-2008-2401

The Admin Server in Sun Java Active Server Pages ASP Server before 4.0.3 allows remote attackers to append to arbitrary new or existing files via the first argument to a certain file that is included by multiple unspecified ASP applications...

CVE-2008-2405

CVE-2008-2405 affects Sun Java System Active Server Pages (ASP) Server prior to 4.0.3. The issue is that several of the administration ASP applications fail to filter or escape user input before using it to generate commands, allowing remote attackers to inject shell commands via HTTP requests to...

CVE-2008-2404

CVE-2008-2404 affects Sun Java System Active Server Pages (ASP) Server prior to 4.0.3. The issue is a stack-based buffer overflow in the request handling code that allows remote code execution via an unspecified string field. Exploitation is described as possible from the web context, with no aut...

CVE-2008-2518

CVE-2008-2518 is an XSS vulnerability in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 3, affecting the advanced search (webapps/search/advanced.jsp). The underlying issue is an HTML/script injection via unspecified vectors (likely related to the next parameter). Exploitation de...