8 matches found
Sun Calendar Express Web Server - (DoS/XSS) Multiple Remote Vulns
No description provided by source. Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple vulnerabilities in Sun Calendar Express Web Server 1. Advisory Information Title: Multiple vulnerabilities in Sun Calendar Express Web Server Advisory ID: CORE-2009-010...
Sun Java System Calendar Server多个模块跨站脚本漏洞
BUGTRAQ ID: 34152,34153 CVECAN ID: CVE-2009-1218 Sun Java System Calendar Server是Sun Java System通信套件中的日程服务器组件。 Calendar Server中的login.wcap组件没有正确地验证用户所提交的fmt-out参数,command.shtml组件没有正确地验证date参数。远程攻击者可以通过向服务器提交恶意请求执行跨站脚本攻击,导致在用户浏览器会话中执行任意代码。 Sun Java System Calendar Server 6.3 Sun Java System Calend...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via 1 the fmt-out parameter to login.wcap or 2 the date...
CVE-2009-1218
Multiple cross-site scripting XSS vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via 1 the fmt-out parameter to login.wcap or 2 the date...
Sun Calendar Express Web Server - Denial of Service Cross-Site Scripting
Sun Calendar Express Web Server - Denial of Service Cross-Site Scripting Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple vulnerabilities in Sun Calendar Express Web Server 1. Advisory Information Title: Multiple vulnerabilities in Sun Calendar Express...
Design/Logic Flaw
Unspecified vulnerability in cshttpd in Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, when access logging aka service.http.commandlog.all is enabled, allows remote attackers to cause a denial of service daemon crash via unspecified vectors...
CVE-2008-2749
Unspecified vulnerability in cshttpd in Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, when access logging aka service.http.commandlog.all is enabled, allows remote attackers to cause a denial of service daemon crash via unspecified vectors...
CVE-2008-2749
CVE-2008-2749 affects Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, where the cshttpd component is vulnerable when access logging (service.http.commandlog.all) is enabled. The issue allows remote attackers to cause a denial of service (daemon crash) via unspecified v...