CVE-2009-1796
https://notcve.org/view.php?id=CVE-2009-1796
Cross-site scripting (XSS) vulnerability in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to an error page.
References:
• http://osvdb.org/54705
• http://secunia.com/advisories/35221
• http://sunsolve.sun.com/search/document.do?assetkey=1-21-118950-38-1
• http://sunsolve.sun.com/search/document.do?assetkey=1-66-256588-1
• http://www.securityfocus.com/bid/35082
• http://www.securitytracker.com/id?1022273
• http://www.vupen.com/english/advisories/2009/1411
• https://exchange.xforce.ibmcloud.com/vulnerabilities/50704
Weakness: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-1729 – Sun Java System Communications Express 6.3 - 'search.xml' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1729
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain.
References:
• https://www.exploit-db.com/exploits/32863
• https://www.exploit-db.com/exploits/32864
• http://osvdb.org/54609
• http://osvdb.org/54610
• http://seclists.org/fulldisclosure/2009/May/0177.html
• http://secunia.com/advisories/32474
• http://securitytracker.com/alerts/2009/May/1022266.html
• http://sunsolve.sun.com/search/document.do?assetkey=1-21-122793-26-1
• http://sunsolve.sun.com/search/document.do?assetkey=1-66-258068-1
• http://www.coresecurity.com/content/sun-communications-express
Weakness: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-1357 – Sun Java System Delegated Administrator 6.x - HTTP Response Splitting
https://notcve.org/view.php?id=CVE-2009-1357
CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELP_PAGE parameter.
References:
• https://www.exploit-db.com/exploits/32940
• http://osvdb.org/53920
• http://secunia.com/advisories/34760
• http://securitytracker.com/id?1022108
• http://sunsolve.sun.com/search/document.do?assetkey=1-21-121581-20-1
• http://sunsolve.sun.com/search/document.do?assetkey=1-66-255928-1
• http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020305.1-1
• http://www.coresecurity.com/content/sun-delegated-administrator
• http://www.securityfocus.com/archive/1/502863/100/0/threaded
• http:/
Weakness: CWE-20: Improper Input Validation
CVE-2009-1332
https://notcve.org/view.php?id=CVE-2009-1332
The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial contents of files, via unspecified vectors.
References:
• http://osvdb.org/53800
• http://secunia.com/advisories/34751
• http://sunsolve.sun.com/search/document.do?assetkey=1-66-255848-1
• http://www.securityfocus.com/bid/34548
• http://www.vupen.com/english/advisories/2009/1059
CVE-2009-1219 – Sun Java System Calendar Server 6.3 - Duplicate URI Request Denial of Service
https://notcve.org/view.php?id=CVE-2009-1219
Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid parameter.
References:
• https://www.exploit-db.com/exploits/32860
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-256228-1
• http://sunsolve.sun.com/search/document.do?assetkey=1-66-255008-1
• http://www.coresecurity.com/content/sun-calendar-express
• http://www.securityfocus.com/archive/1/502320/100/0/threaded
• http://www.securityfocus.com/bid/34150
• http://www.vupen.com/english/advisories/2009/0905
Weakness: CWE-20: Improper Input Validation