15 matches found
CVE-2008-5422
CVE-2008-5422 concerns Sun Sun Ray Server Software 3.1–4.0, where access is not properly restricted, enabling remote attackers to discover the Sun Ray administrator password and gain admin access to the Data Store and Administration GUI via unspecified vectors. Affected products include Sun Ray C...
CVE-2007-0482
The CVE-2007-0482 entry concerns Sun Ray Server Software 2.0 and 3.0 prior to 20070123, where local users could obtain the utadmin password by reading the web server log or via an unspecified local attack. The vulnerability is characterized as a local, low-complexity issue with partial confidenti...
CVE-2008-5423
Sun Sun Ray Server Software (3.x/4.0) and Sun Ray Windows Connector (1.1/2.0) expose the LDAP password during a configuration step, enabling local users to discover the Sun Ray administrator password and obtain admin access to the Data Store and Administration GUI via the utconfig (Server Softwar...
CVE-2004-0701
The affected product is Sun Ray Server Software (SRSS) 1.3 and 2.0 running on Solaris 2.6, 7, or 8. The issue is that SRSS does not reliably detect a smartcard removal when the card is quickly removed, reinserted, and removed again, which can leave a user session logged in and allow local users t...
CVE-2008-2112
CVE-2008-2112 affects Sun Ray Kiosk Mode 4.0. The vulnerability allows local and remote authenticated Sun Ray administrators to gain root privileges through unknown/utconfig-related vectors. The exact root cause and exploited components are not fully detailed in the provided documents, but the im...
CVE-2009-4294
CVE-2009-4294 affects Sun Ray Server Software 4.0 and 4.1, via the Authentication Manager (utauthd). The linked sources describe an unspecified vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service through unknown vectors. The NVD entry rates this as hi...
CVE-2002-2036
Sun Ray Server Software (SRSS) 1.3 with Non-Smartcard Mobility (NSCM) enabled is affected. The issue allows remote attackers to log in as another user by running dtlogin on a system with XDMCP client support, indicating a network-exposed authentication bypass via XDMCP/X11 components. The core de...
CVE-2009-2489
Technical details for CVE-2009-2489 are not publicly provided in the connected documents. The references describe an unspecified local-access vulnerability in Sun Ray Server Software 4.0 but do not specify affected versions, exploitation vectors, or fixes. Monitor for updates.
CVE-2009-4314
CVE-2009-4314 affects Sun Ray Server Software 4.1 on Solaris 10. When Automatic Multi-Group Hotdesking (AMGH) is enabled, a logout action results in the user being immediately logged back in, enabling physical access by someone at an unattended DTU device to gain a session. Root cause is the logo...
CVE-2006-4049
CVE-2006-4049 concerns an unspecified local vulnerability in the utxconfig utility of Sun Ray Server Software 3.x that allows local users to create or overwrite arbitrary files via unknown attack vectors. The linked Nessus plugins reference Sun patch 114880-12 as a remediation for Sun Ray Server ...
CVE-2009-2490
CVE-2009-2490 affects Sun Ray Server Software (SRSS) 4.0, specifically the utaudiod daemon when Solaris Trusted Extensions is enabled. The issue allows local users to cause a denial of service (audio outage) and potentially gain privileges due to resource leaks. The provided description does not ...
CVE-2009-4295
Sun Ray Server Software 4.0/4.1 on Sun Ray 1, 1g, 100, and 150 DTU devices does not generate a unique DSA private key for firmware, which can allow remote attackers to predict a key and decrypt sniffed network traffic. The CVE entry documents this vulnerability and its impact as described by mult...
CVE-2007-6482
Technical details about CVE-2007-6482 are not publicly provided in the supplied documents. Monitor for updates from official advisories; current sources only reiterate an unspecified remote denial-of-service against Sun Ray Server's utdevmgrd.
CVE-2009-2491
The CVE-2009-2491 entry describes a vulnerability in the utaudiod daemon of Sun Ray Server Software (SRSS) 4.0 where, with Solaris Trusted Extensions enabled, local users could access other users’ sessions via unknown vectors related to resource leaks. The available sources (NVD/NVD mirror) confi...
CVE-2007-6481
Technical details are not publicly available in the provided documents; no affected products/versions or vectors are specified. Monitor for updates.