CVE-2006-4353

The CVE concerns Sun Java System Content Delivery Server versions 4.0, 4.1 and 5.0. Affected component: Content Delivery Server; vulnerability type described as an unspecified flaw that allows local and remote attackers to read data from arbitrary files via unspecified vectors. The exact root cau...

[SA21628] Sun Java System Content Delivery Server Arbitrary File Disclosure

TITLE: Sun Java System Content Delivery Server Arbitrary File Disclosure SECUNIA ADVISORY ID: SA21628 VERIFY ADVISORY: http://secunia.com/advisories/21628/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: Sun Java System Content Delivery Server...

Sun Java System Content Delivery Server directory traversal

No description provided...

CVE-2006-3921

Summary (CVE-2006-3921): Affects Sun Java System Application Server (SJSAS) 7–8.1 and Web Server (SJSWS) 6.0–6.1. The issue permits remote authenticated users to read files outside the “document root” via a direct request using a UTF-8 encoded URI. The NVD entry lists a Medium base score (AV:N/AC...

CVE-2003-1301

CVE-2003-1301 affects Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x before 1.5.0_06 (and usage in multiple web browsers), where deeply nested object arrays are not properly handled by the garbage collector, enabling remote denial of service (application crash) via invalid memor...

CVE-2005-4806

Multiple unspecified vulnerabilities in Sun Java System Web Proxy Server 3.6 SP7 and earlier allow remote attackers to cause a denial of service unresponsive service via unknown vectors...

CVE-2005-4804

Unspecified vulnerability in Sun Java System Application Server Platform Edition and Enterprise Edition 8.1 2005 Q1, and Platform Edition UR1, allows remote attackers to read .jar files via unknown vectors related to deployed web applications...

CVE-2005-4805

Technical details about CVE-2005-4805 are not publicly available in the provided documents; no specifics on affected product versions, vectors, or fixes are provided. Monitor for updates.

CVE-2005-4804

Technical details about CVE-2005-4804 are not publicly available in the provided documents. Monitor for updates.

CVE-2005-4806

CVE-2005-4806 affects Sun Java System Web Proxy Server 3.6 SP7 and earlier. The vulnerability is described as multiple unspecified remote vulnerabilities that allow an attacker to cause a denial of service (unresponsive service) via unknown vectors. The provided sources identify the affected prod...

CVE-2005-4805

Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers to obtain the source code for Java Server pages JSP via unknown vectors...

Write-up by Amit Klein: "IE + some popular forward proxy servers = XSS, defacement (browser cache poisoning)"

IE + some popular forward proxy servers = XSS, defacement browser cache poisoning Or "Exploiting the XmlHttpRequest object in IE" part II Amit Klein, May 2006 Preface ======= When I published my Exploiting the XmlHttpRequest object in IE - Referrer spoofing and a lot more..." 1 paper, I only...

CVE-2006-2513

Unspecified vulnerability in the installation process in Sun Java System Directory Server 5.2 causes wrong user data to be written to a file created by the installation, which allows remote attackers or local users to gain privileges...

CVE-2006-2513

Unspecified vulnerability in the installation process in Sun Java System Directory Server 5.2 causes wrong user data to be written to a file created by the installation, which allows remote attackers or local users to gain privileges...

CVE-2006-2513

Sun Java System Directory Server 5.2 contains a flaw in the installation process that writes incorrect user data to a file created during installation, enabling privilege elevation for remote attackers or local users. The connected Nessus entry (Sun Server Console Authentication Bypass) notes a d...

[SA20147] Sun ONE/Java System Web Server Cross-Site Scripting Vulnerability

TITLE: Sun ONE/Java System Web Server Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA20147 VERIFY ADVISORY: http://secunia.com/advisories/20147/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Sun Java System Application Server Sun ONE 7.x...

CVE-2006-2426

CVE-2006-2426 affects Sun JRE/JDK/J2SDK 1.5.0_6 and earlier. The vulnerability enables a remote attacker to cause a denial of service via disk consumption by abusing Font.createFont to create temporary files in the %temp% directory. Affected products include Sun JRE/JDK/Sun SDK up to 1.5.0_6; con...

[SA20144] Sun Java System Directory Server Authentication Bypass

TITLE: Sun Java System Directory Server Authentication Bypass SECUNIA ADVISORY ID: SA20144 VERIFY ADVISORY: http://secunia.com/advisories/20144/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: From local network SOFTWARE: Sun Java System Directory Server 5.x...

Sun Java Applet - Font.createFont Remote Denial of Service

source: https://www.securityfocus.com/bid/17981/info Sun Java is prone to a remote denial-of-service vulnerability because the application fails to properly handle certain Java applets. Successfully exploiting this issue will cause the application to create a temporary file that will grow in an...

Sun Java Applet - Font.createFont Remote Denial of Service

Sun Java Applet - Font.createFont Remote Denial of Service source: https://www.securityfocus.com/bid/17981/info Sun Java is prone to a remote denial-of-service vulnerability because the application fails to properly handle certain Java applets. Successfully exploiting this issue will cause the...