4 results (0.014 seconds)

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified "access" to e-mail via a crafted e-mail message, related to a "session hijacking" issue, a different vulnerability than CVE-2005-2022 and CVE-2006-5486. Webmail en Sun ONE Messaging Server v6.1 y iPlanet Messaging Server v5.2 anteriores a v5.2hf2.02 permite a atacantes remotos obtener "acceso" inespecífico al correo electrónico a través de un mensaje de correo electrónico manipulado, relacionado con un "secuestro de sesión", una vulnerabilidad diferente que CVE-2005-2022 y CVE-2006-5486. • http://sunsolve.sun.com/search/document.do?assetkey=1-21-116568-55-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201180-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than CVE-2005-2022 and CVE-2006-5486. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Webmail en Sun ONE Messaging Server v6.1 e iPlanet Messaging Server v5.2 anterior a 5.2hf2.02, cuando se usa Internet Explorer, permite a atacantes inyectar secuencias de comandos web o HTML de su elección a través de un correo electrónico manipulado. Vulnerabilidad distinta de CVE-2005-2022 y CVE-2006-5486. • http://sunsolve.sun.com/search/document.do?assetkey=1-21-116568-56-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201601-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0

pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message. pipe_master de Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) permite a usuarios locales leer partes de archivos restringidos a través de un ataque "symlink" (de enlace simbólicio) en msg.conf en un directorio identificado por la variable de entorno CONFIGROOT, lo que devuelve la primera línea del fichero en un mensaje de error. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046920.html http://secunia.com/advisories/20919 http://securitytracker.com/id?1016312 http://securitytracker.com/id?1016416 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102496-1 http://www.securityfocus.com/bid/18749 http://www.vupen.com/english/advisories/2006/2633 https://exchange.xforce.ibmcloud.com/vulnerabilities/27220 •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability. • http://sunsolve.sun.com/search/document.do?assetkey=1-26-101770-1 http://www.vupen.com/english/advisories/2005/0816 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •