
1772 matches found

seebug.org
added 2008/05/29 12:0 a.m. | 14 views

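Sun Java System Web Server Advanced Search Cross-Site Scripting Vulnerability

BUGTRAQ ID: 29355 Sun Java System Web Server is a high-performance web server. The advanced search mechanism of Sun Java System Web Server does not properly filter certain user input; a remote unprivileged user can carry out a cross-site scripting attack by submitting a malicious search request, causing arbitrary JavaScript to be executed in the user's client-side web browser, which may allow the remote user to steal cookie information, hijack sessions, or cause loss of data confidentiality. Sun Java System Web Server 7.0 Update 2 Sun Java System Web Server 7.0 Update 1 Sun Java System Web Server 7...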

6.5 AI score
Exploits: 0
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m. | 2 views

Sun Java System Web Server cross-site scripting vulnerability

Overview: Sun Java System Web Server (originally called Sun ONE Web Server) contains a cross-site scripting vulnerability. A vulnerable web server does not adequately validate the HTTP REFERER header before using the contents in the default error page. Impact: A malicious script may be executed on th...

6.8 CVSS | 6.2 AI score | 0.06441 EPSS
Exploits: 0 | References: 6
RedHat Linux
added 2008/05/20 2:12 p.m. | 2 views

java-jre: GIF buffer overflow

Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption...

6.8 CVSS | 5.8 AI score | 0.42821 EPSS
Exploits: 1 | References: 4
RedHat Linux
added 2008/05/20 2:12 p.m. | 3 views

BMP image parser vulnerability

The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems,...

4.3 CVSS | 6 AI score | 0.05079 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2008/05/19 3:30 p.m. | 1 view

Java Plugin same-origin-policy bypass

Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors...

6.8 CVSS | 5.8 AI score | 0.13804 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2008/05/19 3:30 p.m. | 1 view

JRE image parsing library allows privilege escalation (CVE-2008-1194)

Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to cause a denial of service (crash) via unknown vectors...

4.3 CVSS | 5.9 AI score | 0.27243 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2008/05/19 3:30 p.m. | 3 views

Untrusted Java Web Start arbitrary file creation

Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier allows remote attackers to create arbitrary files via an untrusted application, a different issue than CVE-2008-1190, aka "The fifth issue."...

9.3 CVSS | 7.5 AI score | 0.1722 EPSS
Exploits: 1 | References: 4
NVD
added 2008/05/13 8:20 p.m. | 15 views

CVE-2008-2166

Cross-site scripting (XSS) vulnerability in the search module in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unknown parameters in index.jsp...

4.3 CVSS | 5.5 AI score | 0.00529 EPSS
Exploits: 0 | References: 6
CVE
added 2008/05/13 8:14 p.m. | 45 views

CVE-2008-2166

CVE-2008-2166 affects Sun Java System Web Server 6.1 (pre-SP9) and 7.0 (pre-Update 2). The issue is a cross-site scripting vulnerability in the Search module (index.jsp) caused by insufficient input sanitization, enabling remote injection of arbitrary script/HTML. The connected documents provide ...

4.3 CVSS | 5.4 AI score | 0.00529 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
NVD
added 2008/05/09 3:20 p.m. | 10 views

CVE-2008-2120

Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors...

5 CVSS | 6.8 AI score | 0.00638 EPSS
Exploits: 0 | References: 7
Prion
added 2008/05/09 3:20 p.m. | 11 views

Code injection

Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors...

5 CVSS | 7.3 AI score | 0.00638 EPSS
Exploits: 0 | References: 7 | Affected Software: 2
CVE
added 2008/05/09 3:0 p.m. | 44 views

CVE-2008-2120

CVE-2008-2120 is an information-disclosure vulnerability in Sun Java System Application Server 7 (2004Q2) before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 that allows remote attackers to obtain the source code of JSP files via unknown vectors. Affected components are...

5 CVSS | 6.8 AI score | 0.00638 EPSS
Exploits: 0 | References: 7 | Affected Software: 2
Cvelist
added 2008/05/09 3:0 p.m. | 17 views

CVE-2008-2120

Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors...

6.8 AI score | 0.00638 EPSS
Exploits: 0 | References: 7
Tenable Nessus
added 2008/05/01 12:0 a.m. | 30 views

Sun Java System Directory Server bind-dn Remote Privilege Escalation

The version of Sun Java System Directory Proxy Server running on the remote host is affected by an unauthorized access vulnerability. Specifically, the server fails to properly classify connections in relation to 'binddn' parameter. Successful exploitation of this issue might allow an unprivilege...

7.5 CVSS | 5.6 AI score | 0.00391 EPSS
Exploits: 0 | References: 2
seebug.org
added 2008/04/30 12:0 a.m. | 19 views

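Sun Java System Directory Proxy Server Remote Unauthorized Access Vulnerability

BUGTRAQ ID: 28941 Sun Java System Directory Server is a component of the Java Enterprise System that provides user-management infrastructure for enterprises managing large volumes of user information. Sun Java System Directory Proxy Server incorrectly classifies connections based on the bind-dn criteria, causing the wrong policy to be applied; successful exploitation of this vulnerability may allow a remote unprivileged user to gain unauthorized administrative access to the server. Sun Java System Directory Server 6.2 Sun Java System Directory Server 6.1 Sun Java System Directory Server 6.0 Sun ---...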

6.9 AI score
Exploits: 0
Cvelist
added 2008/04/28 5:0 p.m. | 22 views

CVE-2008-1995

Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the server...

6.8 AI score | 0.00391 EPSS
Exploits: 0 | References: 5
CVE
added 2008/04/28 5:0 p.m. | 54 views

CVE-2008-1995

Affected software: Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2. Vulnerability: connection classification using the bind_dn criterion can cause incorrect policy application. Impact: may allow a remote attacker to bypass intended access restrictions and gain remote administrative a...

7.5 CVSS | 6.8 AI score | 0.00391 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
RedHat Linux
added 2008/04/28 9:22 a.m. | 1 view

JRE image parsing library allows privilege escalation (CVE-2008-1194)

Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application...

9.3 CVSS | 5.9 AI score | 0.37381 EPSS
Exploits: 1 | References: 4
exploitpack
added 2008/04/07 12:0 a.m. | 12 views

Sun Java System Messenger Express 6.1-13-15 - sid Cross-Site Scripting

Source: https://www.securityfocus.com/bid/28649/info Sun Java System Messenger Express is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may...

6.8 AI score
Exploits: 0
Tenable Nessus
added 2008/04/04 12:0 a.m. | 49 views

openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-5133)

Sun Java was updated to 1.5.0u15 to fix the following security vulnerabilities: - CVE-2008-1158: Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers...

9.3 CVSS | 9 AI score | 0.32968 EPSS
Exploits: 2 | References: 11