12 matches found
CVE-2004-0826
CVE-2004-0826 affects the Netscape Network Security Services (NSS) library’s SSLv2 record parsing. The issue is a heap-based buffer overflow triggered by a modified record length field in an SSLv2 client hello, allowing a remote attacker to execute arbitrary code. Multiple advisories and OpenVAS ...
CVE-2006-2501
CVE-2006-2501 describes a cross-site scripting (XSS) vulnerability in multiple Sun web/server products (Sun ONE Web Server 6.0 SP9 and earlier; Sun Java System Web Server 6.1 SP4 and earlier; Sun ONE Application Server 7 Update 6 and earlier; Java System Application Server 7 2004Q2 Update 2 and e...
CVE-2002-1042
CVE-2002-1042 describes a directory traversal flaw in iPlanet Web Server 6.0 SP2, 4.1 SP9, and Netscape Enterprise Server 3.6 on Windows, allowing remote attackers to read arbitrary files via ..\ in the NS-query-pat parameter. Connected sources confirm the affected products and the vulnerable par...
CVE-2003-0413
CVE-2003-0413 describes a cross-site scripting (XSS) vulnerability in the webapps-simple sample application used with Sun ONE Application Server 7.0 (Windows 2000/XP) or Sun Java System Web Server 6.1. The issue allows remote attackers to inject arbitrary web script/HTML via an HTTP request that ...
CVE-2006-6276
Sun Java System Proxy Server versions prior to 20061130 are affected by an HTTP request smuggling vulnerability when used with Sun Java System Application Server or Sun Java System Web Server. Exploitation could bypass HTTP request filtering, enable web session hijacking, permit cross-site script...
CVE-2005-4046
The CVE-2005-4046 entry affects the Reverse SSL Proxy Plug-in used with Sun Java System Application Server Standard Edition 7 (2004Q2), Application Server Enterprise Edition 8.1 (2005Q1), and Sun ONE Application Server 7 Standard Edition. The vulnerability is unspecified but allows remote attacke...
CVE-2003-0414
The CVE-2003-0414 entry describes a vulnerability in Sun ONE Application Server 7.0 on Windows 2000/XP where a generated statefile is created with world-readable permissions. This allows a local attacker to read the plaintext password stored in the statefile, enabling privilege escalation or unau...
CVE-2006-5654
CVE-2006-5654 concerns the NSS component used by Sun Java System Web Server 6.0 (pre-SP10) and ONE Application Server 7 (pre-Update 3) when SSLv2 is enabled, allowing remote authenticated users to cause a denial of service. Connected documents indicate related NSS issues (e.g., CVE-2006-5201) and...
CVE-2004-1815
CVE-2004-1815 affects ColdFusion MX 6.0/6.1 and JRun 4.0 where a SOAP web service expecting an array of objects as an argument can trigger a denial of service via memory exhaustion. The connected advisory (CPAI-2004-114) indicates the issue involves how Apache Axis handles SOAP arrays within requ...
CVE-2002-0387
CVE-2002-0387 refers to a buffer overflow in the gxnsapi6.dll NSAPI plugin of the Sun ONE Application Server’s Connector Module. The overflow occurs when handling a long HTTP request URL, enabling a remote attacker to potentially execute arbitrary code on affected hosts. The issue affects Sun ONE...
CVE-2003-0412
Sun ONE Application Server 7.0 for Windows 2000/XP does not log the complete URI of long HTTP requests, which could allow remote attackers to hide malicious activities. The available documents do not provide a remediation or explicit exploit details.
CVE-2006-3225
CVE-2006-3225 describes a cross-site scripting (XSS) vulnerability affecting Sun ONE Application Server 7 before Update 9, Java System Application Server 7 (2004Q2) before Update 5, and Java System Application Server Enterprise Edition 8.1 (2005 Q1). The issue allows remote attackers to inject ar...