1772 matches found
CVE-2003-0413
Cross-site scripting XSS vulnerability in the webapps-simple sample application for 1 Sun ONE Application Server 7.0 for Windows 2000/XP or 2 Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an "Invalid JSP file" erro...
CVE-2003-0413
CVE-2003-0413 describes a cross-site scripting (XSS) vulnerability in the webapps-simple sample application used with Sun ONE Application Server 7.0 (Windows 2000/XP) or Sun Java System Web Server 6.1. The issue allows remote attackers to inject arbitrary web script/HTML via an HTTP request that ...
Sun Java Runtime Environment allows untrusted applets to access information within trusted applets
Overview The Sun Java Runtime Environment JRE contains a vulnerability that may lead to sensitive information being leaked. Description Sun Microsystems describes the Sun JRE as follows:The Java RE provides the libraries, Java virtual machine, and other components necessary for you to run applets...
Sun JRESDK 1.x - Untrusted Applet Java Security Model Violation
Sun JRESDK 1.x - Untrusted Applet Java Security Model Violation source: https://www.securityfocus.com/bid/7824/info It has been reported that the Sun Java Runtime Environment does not properly protect trusted java applets. Because of this, it may be possible for an attacker to use a malicious...
Sun Java Media Framework (JMF) Arbitrary Code Execution
The remote host is using Sun Microsystems's Java Media Framework JMF. There is a bug in the version installed that may allow an untrusted applet to crash the Java Virtual Machine it is being run on, or even to gain unauthorized privileges. An attacker could exploit this flaw to execute arbitrary...
CVE-2000-0812
The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag...
CVE-2000-0812
The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag...
Sun Java Web Server bboard Servlet Command Execution
The 'bboard' servlet is installed in /servlet/sunexamples.BBoardServlet. This servlet comes with default installations of Sun Java Web Server and has a well-known security flaw that lets anyone execute arbitrary commands with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable Network...
CVE-2000-0629
The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet...
Sun Java Web Server 1.1.3/2.0 Servlets - information Disclosure
source: https://www.securityfocus.com/bid/1498/info The servlet sunexamples.RealmDumpServlet, which is packaged by Default with Sun's Java Web Server, can be used to discover ACLs and local users on the server. http://javawebserver.com/pservlet.html User: sherwin User: floorsoft User: shaw User:...
CVE-2000-0629
The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet...
Sun Java Web Server 1.1 Beta - Viewable .jhtml Source
source: https://www.securityfocus.com/bid/1891/info A vulnerability exists in Sun Microsystems' JavaWebServer for Win32, version 1.1Beta. JavaWebServer is a Java-oriented web application development platform. If a URL is submitted requesting a .jhtml file an HTML document with embedded Java sourc...