1772 matches found
Sun Java System Delegated Administrator 6.x - HTTP Response Splitting
source: https://www.securityfocus.com/bid/34643/info Sun Java System Delegated Administrator is prone to an HTTP response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can leverage this issue to influence or misrepresent how web content is served,...
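Sun Java System Directory Server Information Disclosure Vulnerability
BUGTRAQ ID: 34548 CNCAN ID:CNCAN-2009041704 Sun Java System Directory Server is a component of the Java Enterprise System that provides user-management infrastructure for enterprises managing large amounts of user information. The online help component included in Sun Java System Directory Server has a security issue: a remote attacker can exploit the vulnerability to determine whether files or directories exist, resulting in disclosure of sensitive information. No detailed vulnerability information is currently available. Sun Java System Directory Server Enterprise Edition 5 Sun Java System Directory Server...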
Sun Java System Delegated Administrator 6.x - HTTP Response Splitting
Sun Java System Delegated Administrator 6.x - HTTP Response Splitting source: https://www.securityfocus.com/bid/34643/info Sun Java System Delegated Administrator is prone to an HTTP response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can...
Design/Logic Flaw
The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial contents of files, via unspecified vectors...
CVE-2009-1332
The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial contents of files, via unspecified vectors...
CVE-2009-1332
Summary: CVE-2009-1332 corresponds to an information-disclosure vulnerability in Sun Java System Directory Server's Online Help feature. The issue allows remote attackers to determine whether certain files or directories exist, and in some cases obtain a single line of a file, via unspecified vec...
POC - Sun Java System Access Manager & Identity Manager Users Enumeration
============================================================ Sun Java System Access Manager & Identity Manager Users Enumeration ============================================================ Affected Software: Sun Java System Access Server, OpenSSO Sun Java System Identity Manager Author: Marco...
SUSE: Security Advisory for Sun Java 5 and 6 (SUSE-SA:2009:016)
The remote host is missing updates announced in advisory SUSE-SA:2009:016. Copyright C 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...
SuSE Security Advisory SUSE-SA:2009:016 (Sun Java 5 and 6)
The remote host is missing updates announced in advisory SUSE-SA:2009:016. OpenVAS Vulnerability Test $Id: susesa2009016.nasl 6668 2017-07-11 13:34:29Z cfischer $ Description: Auto-generated from advisory SUSE-SA:2009:016 Sun Java 5 and 6 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft...
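Sun Java System Calendar Server Multiple Module Cross-Site Scripting Vulnerabilities
BUGTRAQ ID: 34152,34153 CVECAN ID: CVE-2009-1218 Sun Java System Calendar Server is the calendar server component of the Sun Java System communications suite. The login.wcap component in Calendar Server does not properly validate the user-supplied fmt-out parameter, and the command.shtml component does not properly validate the date parameter. A remote attacker can perform cross-site scripting attacks by submitting malicious requests to the server, resulting in arbitrary code execution in the user's browser session. Sun Java System Calendar Server 6.3 Sun Java System Calend...
Sun Java System Calendar Server Duplicate URI Request Denial of Service Vulnerability
BUGTRAQ ID: 34150 CVECAN ID: CVE-2009-1219 Sun Java System Calendar Server is the calendar server component of the Sun Java System communications suite. If a remote attacker sends a specially crafted HTTP request to Calendar Server twice in succession with alphabetic characters set in the tzid parameter, the Calendar Server process crashes and may leave a crash dump similar to the following stack trace, depending on system configuration: $ pstack core ... ... ----------------- lwp 4 / thread 4 --------------------...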
CVE-2009-1218
Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date...
Sun Java System Calendar Server 6 - command.shtml Cross-Site Scripting
Sun Java System Calendar Server 6 - command.shtml Cross-Site Scripting source: https://www.securityfocus.com/bid/34153/info Sun Java System Calendar Server is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this...
RedHat Security Advisory RHSA-2009:0394
The remote host is missing updates announced in advisory RHSA-2009:0394. The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 5 Runtime Environment and the Sun Java 5 Software...
RedHat Security Advisory RHSA-2009:0392
The remote host is missing updates announced in advisory RHSA-2009:0392. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software...
Sun Java System Calendar Server 6 - 'command.shtml' Cross-Site Scripting
source: https://www.securityfocus.com/bid/34153/info Sun Java System Calendar Server is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspectin...
Sun Calendar Express Web Server - Denial of Service Cross-Site Scripting
Sun Calendar Express Web Server - Denial of Service Cross-Site Scripting Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple vulnerabilities in Sun Calendar Express Web Server 1. Advisory Information Title: Multiple vulnerabilities in Sun Calendar Express...