CVSS: 5.0EPSS: 12%CPEs: 9EXPL: 3CVE-2009-1219 – Sun Java System Calendar Server 6.3 - Duplicate URI Request Denial of Service
https://notcve.org/view.php?id=CVE-2009-1219
Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid parameter. Sun Calendar Express Web Server en Sun ONE Calendar Server v6.0 y Sun Java System Calendar Server 6 2004Q2 hasta 6.3-7.01 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de múltiples peticiones de la URI por defecto con caracteres alfabéticos en el parámetro "tzid". • https://www.exploit-db.com/exploits/32860 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256228-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-255008-1 http://www.coresecurity.com/content/sun-calendar-express http://www.securityfocus.com/archive/1/502320/100/0/threaded http://www.securityfocus.com/bid/34150 http://www.vupen.com/english/advisories/2009/0905 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 2CVE-2009-1218 – Sun Java System Calendar Server 6 - 'command.shtml' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1218
Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Sun Calendar Express Web Server en Sun ONE Calendar Server 6.0 y Sun Java System Calendar Server 6 2004Q2 hasta 6.3-7.01 permite a atacantes remotos inyectar web script o HTML de su elección a través de (1) el parámetro "fmt-out" de login.wcap o (2) el parámetro "date" de command.shtml. • https://www.exploit-db.com/exploits/32862 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256228-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020321.1-1 http://www.coresecurity.com/content/sun-calendar-express http://www.securityfocus.com/archive/1/502320/100/0/threaded http://www.securityfocus.com/bid/34152 http://www.securityfocus.com/bid/34153 http://www.vupen.com/english/advisories/2009/0905 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 2%CPEs: 5EXPL: 0CVE-2008-2749
https://notcve.org/view.php?id=CVE-2008-2749
Unspecified vulnerability in cshttpd in Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, when access logging (aka service.http.commandlog.all) is enabled, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. Vulnerabilidad sin expecificar en cshttpd in Sun Java System Calendar Server 6 y 6.3, y Sun ONE Calendar Server 6.0, cuando el access logging (tambien conocido como service.http.commandlog.all) está activado, permite a atacantes remotos provocar una denegación de servicio (caida de demonio), a través de vectores no especificados. • http://secunia.com/advisories/30694 http://sunsolve.sun.com/search/document.do?assetkey=1-66-235521-1 http://www.securityfocus.com/bid/29763 http://www.securitytracker.com/id?1020299 http://www.vupen.com/english/advisories/2008/1857 https://exchange.xforce.ibmcloud.com/vulnerabilities/43127 •