1772 matches found
Solaris 5.8 (sparc) : 126356-03
Sun Java System Access Manager 7.1 Solaris. Date this patch was last updated by Sun : Jun/19/09 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if !...
Solaris 5.9 (x86) : 126357-03
Sun Java System Access Manager 7.1 Solarisx86. Date this patch was last updated by Sun : Jun/19/09 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if !...
Solaris 5.10 (x86) : 126357-03
Sun Java System Access Manager 7.1 Solarisx86. Date this patch was last updated by Sun : Jun/19/09 %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if !...
Solaris 5.8 (x86) : 126357-03
Sun Java System Access Manager 7.1 Solarisx86. Date this patch was last updated by Sun : Jun/19/09 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if !...
CVE-2008-0240
/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection."...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the 1 cntry or lang parameters to /idm/login.jsp, 2 resultsForm parameter to /idm/account/findForSelect.jsp, or...
CVE-2008-0239
Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the 1 cntry or lang parameters to /idm/login.jsp, 2 resultsForm parameter to /idm/account/findForSelect.jsp, or...
Design/Logic Flaw
/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection."...
CVE-2008-0239
Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the 1 cntry or lang parameters to /idm/login.jsp, 2 resultsForm parameter to /idm/account/findForSelect.jsp, or...
CVE-2008-0240
Sun Java System Identity Manager (versions 6.0 SP1–SP3, 7.0, 7.1) is affected by a vulnerability in /idm/help/index.jsp where the helpUrl parameter can be abused to inject frames from arbitrary sites, enabling phishing-like framing attacks. This aligns with the public CVE-2008-0240 description of...
CVE-2008-0240
/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection."...
CVE-2008-0241
CVE-2008-0241 describes an open redirect vulnerability in Sun Java System Identity Manager’s login page. The affected products are Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1. The flaw is due to improper handling of the nextPage parameter in /idm/user/login.jsp, allowing re...
CVE-2008-0239
The CVE-2008-0239 issue covers multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager versions 6.0 SP1–SP3, 7.0, and 7.1. The root cause is failure to sanitize user-supplied input in several JSP scripts, allowing remote, unauthenticated attackers to inject arbitra...
CVE-2008-0241
Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter...
Sun Java System Identity Manager Multiple XSS
The remote host is running Sun Java System Identity Manager, a Java application for user provisioning and identity auditing in enterprise environments. The version of Identity Manager installed on the remote host fails to sanitize user-supplied input to various JSP scripts before using it to...
PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager
PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager Vulnerability found: 11th June 2007 Vendor informed: 18th June 2007 Severity: Medium Product description: "Identity Manager allows customers to...
Sun Java System Identity Manager 6.07.07.1 - idmhelpindex.jsp?helpUrl Remote Frame Injection
Sun Java System Identity Manager 6.07.07.1 - idmhelpindex.jsp?helpUrl Remote Frame Injection source: https://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site scripting...
Sun Java System Identity Manager 6.07.07.1 - idmlogin.jsp Multiple Cross-Site Scripting Vulnerabilities
Sun Java System Identity Manager 6.07.07.1 - idmlogin.jsp Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site...
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/account/findForSelect.jsp?resultsForm' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site scripting issues, because it fails to adequately sanitize user-supplied input. Attackers can exploit these...
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/login.jsp' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site scripting issues, because it fails to adequately sanitize user-supplied input. Attackers can exploit these...