CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2004-2766
https://notcve.org/view.php?id=CVE-2004-2766
Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified "access" to e-mail via a crafted e-mail message, related to a "session hijacking" issue, a different vulnerability than CVE-2005-2022 and CVE-2006-5486. Webmail en Sun ONE Messaging Server v6.1 y iPlanet Messaging Server v5.2 anteriores a v5.2hf2.02 permite a atacantes remotos obtener "acceso" inespecífico al correo electrónico a través de un mensaje de correo electrónico manipulado, relacionado con un "secuestro de sesión", una vulnerabilidad diferente que CVE-2005-2022 y CVE-2006-5486. • http://sunsolve.sun.com/search/document.do?assetkey=1-21-116568-55-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201180-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2004-2765
https://notcve.org/view.php?id=CVE-2004-2765
Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than CVE-2005-2022 and CVE-2006-5486. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Webmail en Sun ONE Messaging Server v6.1 e iPlanet Messaging Server v5.2 anterior a 5.2hf2.02, cuando se usa Internet Explorer, permite a atacantes inyectar secuencias de comandos web o HTML de su elección a través de un correo electrónico manipulado. Vulnerabilidad distinta de CVE-2005-2022 y CVE-2006-5486. • http://sunsolve.sun.com/search/document.do?assetkey=1-21-116568-56-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201601-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 2CVE-2006-5652 – iPlanet Messaging Server - Messenger Express Expression() HTML Injection
https://notcve.org/view.php?id=CVE-2006-5652
Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE. Vulnerabilidad de cruce de sitios en scripts (XSS) en Sun iPlanet Messaging Server Messenger Express permite a atacantes remotos inyectar scripts WEB de su elección mediante el la expresión de la función CSS (Cascading Style Sheets), como se demuestra fijando el estilo anchura (width) para un elemento IMG. NOTA: Esta vulnerabilidad podría estar en relación con CVE-2006-5486, sin embargo debido a la ligereza de las notificaciones iniciales, y a diferentes investigadores, se le ha asignado un nuevo CVE. • https://www.exploit-db.com/exploits/28890 http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050460.html http://securityreason.com/securityalert/1806 http://www.securityfocus.com/archive/1/450184/100/0/threaded http://www.securityfocus.com/bid/20838 https://exchange.xforce.ibmcloud.com/vulnerabilities/29929 •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2006-5486
https://notcve.org/view.php?id=CVE-2006-5486
Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via crafted messages. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Webmail en Sun Java System Messaging Server 6.0 hasta 6.2 y en iPlanet Messaging Server 5.2 permite a atacantes remotos ejecutar código Javascript de su elección mediante mensajes artesanales. • http://secunia.com/advisories/22575 http://securitytracker.com/id?1017113 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102497-1 http://www.securityfocus.com/bid/20708 http://www.vupen.com/english/advisories/2006/4183 https://exchange.xforce.ibmcloud.com/vulnerabilities/29806 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0CVE-2006-3159
https://notcve.org/view.php?id=CVE-2006-3159
pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message. pipe_master de Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) permite a usuarios locales leer partes de archivos restringidos a través de un ataque "symlink" (de enlace simbólicio) en msg.conf en un directorio identificado por la variable de entorno CONFIGROOT, lo que devuelve la primera línea del fichero en un mensaje de error. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046920.html http://secunia.com/advisories/20919 http://securitytracker.com/id?1016312 http://securitytracker.com/id?1016416 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102496-1 http://www.securityfocus.com/bid/18749 http://www.vupen.com/english/advisories/2006/2633 https://exchange.xforce.ibmcloud.com/vulnerabilities/27220 •