1772 matches found

NVD
added 2007/07/26 7:30 p.m. | 10 views

CVE-2007-4025

Unspecified vulnerability in Sun Java System SJS Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors...

CVSS 4.3 | AI score 6.8 | EPSS 0.00815
Exploits: 0 | References: 8

Prion
added 2007/07/26 7:30 p.m. | 12 views

Code injection

Unspecified vulnerability in Sun Java System SJS Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors...

CVSS 4.3 | AI score 7.3 | EPSS 0.00815
Exploits: 0 | References: 8 | Affected Software: 1

Cvelist
added 2007/07/26 7:0 p.m. | 14 views

CVE-2007-4025

Unspecified vulnerability in Sun Java System SJS Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors...

AI score 6.8 | EPSS 0.00815
Exploits: 0 | References: 8

Tenable Nessus
added 2007/07/16 12:0 a.m. | 30 views

Sun Java JRE XML Signature Command Injection (102993)

The version of Sun Java Runtime Environment JRE installed on the remote host reportedly does not securely process XSLT stylesheets containing XSLT Transforms in XML Signatures. If an attacker can pass a specially crafted XSLT stylesheet to a trusted Java application running on the remote host,...

CVSS 9.3 | AI score 8.7 | EPSS 0.04822
Exploits: 0 | References: 5

seebug.org
added 2007/07/13 12:0 a.m. | 14 views

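Sun Java System Access Manager Password Information Disclosure Vulnerability

Sun Java System Access Manager is a powerful, interoperable, standards-based authentication and authorization solution that provides enterprises with identity federation. Sun Java System Access Manager has a design error that local attackers can exploit to obtain sensitive user password information. When the debug level of Sun Java System Access Manager is set to "message", login passwords are logged in cleartext and can therefore be read by local unprivileged users. Sun Java System Access Manager 6.2 2004Q2 Solaris x Sun Java System Access Manager 6.2...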

AI score 7.1
Exploits: 0

seebug.org
added 2007/07/12 12:0 a.m. | 21 views

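Sun Java System Server XSLT Processing Remote Java Method Execution Vulnerability

BUGTRAQ ID: 24850 CNCAN ID: CNCAN-2007071110 Sun Java System Application Server and Sun Java System Web Server are application server and web server programs. Sun Java System Application Server and Sun Java System Web Server do not correctly process XSLT stylesheets contained in XSLT transforms in XML signatures; remote attackers can exploit this vulnerability to execute arbitrary Java methods. Sun Java System Web Server 7.0 Sun Java System Application...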

AI score 6.9
Exploits: 0

NVD
added 2007/07/11 11:30 p.m. | 20 views

CVE-2007-3700

Sun Java System Access Manager formerly Java System Identity Server before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading...

CVSS 1.7 | AI score 6.3 | EPSS 0.00061
Exploits: 0 | References: 8

NVD
added 2007/07/11 11:30 p.m. | 19 views

CVE-2007-3715

Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716...

CVSS 9.3 | AI score 9.4 | EPSS 0.01259
Exploits: 0 | References: 12

CVE
added 2007/07/11 11:0 p.m. | 87 views

CVE-2007-3715

CVE-2007-3715 affects Sun Java System Application Server and Web Server (7.0–9.0 prior to 20070710). The issue arises in XSLT transforms used in XML signatures, where an attacker could craft a stylesheet to trigger a context-dependent Java method execution, enabling remote code execution. The des...

CVSS 9.3 | AI score 6.6 | EPSS 0.01259
Exploits: 0 | References: 12 | Affected Software: 2

Cvelist
added 2007/07/11 11:0 p.m. | 21 views

CVE-2007-3700

Sun Java System Access Manager formerly Java System Identity Server before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading...

AI score 6.3 | EPSS 0.00061
Exploits: 0 | References: 8

Cvelist
added 2007/07/11 11:0 p.m. | 22 views

CVE-2007-3715

Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716...

AI score 9.4 | EPSS 0.01259
Exploits: 0 | References: 12

CVE
added 2007/07/11 11:0 p.m. | 58 views

CVE-2007-3700

CVE-2007-3700 affects Sun Java System Access Manager (formerly Java System Identity Server) prior to 20070710. When AMConfig.properties sets com.iplanet.services.debug.level to a debug value, the product logs cleartext login passwords to /var/opt/SUNWam/debug/amAuth, enabling a local user to read...

CVSS 1.7 | AI score 6.2 | EPSS 0.00061
Exploits: 0 | References: 8 | Affected Software: 1

securityvulns
added 2007/07/11 12:0 a.m. | 23 views

Sun Java Webstart buffer overflow

Buffer overflow on JNLP file parsing...

AI score 4.3
Exploits: 0 | References: 2 | Affected Software: 1

securityvulns
added 2007/07/11 12:0 a.m. | 66 views

SUN Java JNLP Overflow

SUN Java JNLP Overflow. Vendor Advisory: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1 Affected Software: Java Web Start in JDK and JRE 6 Update 1 and earlier; Java Web Start in JDK and JRE...

AI score 0.5
Exploits: 0

UbuntuCve
added 2007/07/10 7:30 p.m. | 23 views

CVE-2007-3655

Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file...

CVSS 6.8 | AI score 6.5 | EPSS 0.62246
Exploits: 2 | References: 1

NVD
added 2007/07/10 7:30 p.m. | 15 views

CVE-2007-3655

Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file...

CVSS 6.8 | AI score 7.8 | EPSS 0.62246
Exploits: 2 | References: 29

Tenable Nessus
added 2007/07/10 12:0 a.m. | 36 views

Sun Java Web Start JNLP File Handling Overflow (102996)

There is reportedly a buffer overflow in the Java Web Start utility distributed with the version of Sun Java Runtime Environment JRE installed on the remote host. If an attacker can convince a user on the affected host to open a specially crafted JNLP file, arbitrary code could be executed subjec...

CVSS 6.8 | AI score 5.9 | EPSS 0.62246
Exploits: 2 | References: 5

exploitpack
added 2007/07/09 12:0 a.m. | 18 views

Sun Java Runtime Environment 1.6 - Web Start .JNLP File Stack Buffer Overflow

Sun Java Runtime Environment 1.6 - Web Start .JNLP File Stack Buffer Overflow source: https://www.securityfocus.com/bid/24832/info Sun Java Runtime Environment is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it...

AI score 0.5
Exploits: 0

Prion
added 2007/06/30 1:30 a.m. | 15 views

Directory traversal

Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.213 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite...

CVSS 9.3 | AI score 7.9 | EPSS 0.05158
Exploits: 0 | References: 12 | Affected Software: 3

NVD
added 2007/06/30 1:30 a.m. | 17 views

CVE-2007-3504

Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.213 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite...

CVSS 9.3 | AI score 7.7 | EPSS 0.05158
Exploits: 0 | References: 12