Page 13 of 205 results (0.010 seconds)

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 2

CVE-2009-1218 – Sun Java System Calendar Server 6 - 'command.shtml' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2009-1218

Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Sun Calendar Express Web Server en Sun ONE Calendar Server 6.0 y Sun Java System Calendar Server 6 2004Q2 hasta 6.3-7.01 permite a atacantes remotos inyectar web script o HTML de su elección a través de (1) el parámetro "fmt-out" de login.wcap o (2) el parámetro "date" de command.shtml. • https://www.exploit-db.com/exploits/32862 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256228-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020321.1-1 http://www.coresecurity.com/content/sun-calendar-express http://www.securityfocus.com/archive/1/502320/100/0/threaded http://www.securityfocus.com/bid/34152 http://www.securityfocus.com/bid/34153 http://www.vupen.com/english/advisories/2009/0905 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2009-1104 – OpenJDK: Intended access restrictions bypass via LiveConnect (6724331)

https://notcve.org/view.php?id=CVE-2009-1104

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors. El plug-in Java en Java SE Development Kit (JDK) y Java Runtime Environment (JRE) 5.0 actualización 17 y anteriores; 6 actualización 12 y anteriores; y v1.4.2_19 y anteriores no previenen Javascript que es cargada desde el localhost desde la conexión a otros puertos en el sistema, lo que permite a los atacantes asistidos por el usuario evitar las restricciones de acceso intencionadas a través de via LiveConnect, también conocido como CR 6724331. NOTA: esta vulnerabilidad puede ser elevada con separadas vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados - XSS - para vectores de ataque remoto. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html http://marc.info/?l=bugtraq&m=124344236532162&w=2 http://secunia.com/advisories/34495 http://secunia.com/advisories/34496 http://secunia.com/advisories/35156 http://secunia • CWE-16: Configuration •

CVSS: 6.8EPSS: 6%CPEs: 1EXPL: 0

CVE-2009-1103 – OpenJDK: Files disclosure, arbitrary code execution via "deserializing applets" (6646860)

https://notcve.org/view.php?id=CVE-2009-1103

Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "deserializing applets," aka CR 6646860. Vulnerabilidad sin especificar en el Plug-in Java enn Java SE Development Kit (JDK) y Java Runtime Environment (JRE) 5.0 Update 17 y anteriores; 6 Update 12 y anteriores; v1.4.2_19 y anteriores; y v1.3.1_24 y anteriores, permiten a atacantes remotos acceder a archivos de su elección y ejecutar código de su elección a través de vectores no especificados relacionados con "desserialización de applets," también conocido como CR 6646860. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html http://marc.info/?l=bugtraq&m=124344236532162&w=2 http://secunia.com/advisories/34495 http://secunia.com/advisories/34496 http://secunia.com/advisories/35156 http://secunia •

CVSS: 6.8EPSS: 8%CPEs: 1EXPL: 0

CVE-2009-1102 – OpenJDK code generation vulnerability (6636360)

https://notcve.org/view.php?id=CVE-2009-1102

Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation." Vulnerabilidad sin especificar en la Máquina Virtual de Java en Java SE Development Kit (JDK) y Java Runtime Environment (JRE) 6 Update 12 y anteriores, permite a atacantes remotos acceder a ficheros y ejecutar código de su elección a través de vectores desconocidos relacionados con la "generación de código". • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html http://marc.info/?l=bugtraq&m=124344236532162&w=2 http://secunia.com/advisories/34489 http://secunia.com/advisories/34496 http://secunia.com/advisories/34632 http://secunia.com/advisories/35223 http://secunia.com/advisories/35255 http://secuni • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0

CVE-2009-1105 – OpenJDK: Possibility of trusted applet run in older, vulnerable version of JRE (6706490)

https://notcve.org/view.php?id=CVE-2009-1105

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490. El plug-in en Java SE Development Kit (JDK) y Java Runtime Environment (JRE) v6 Update 12, 11 y 10 permite a atacantes remotos asistidos por usuarios locales, provocar una que un applet de confianza ejecutarse en una versión del JRE antigua, lo que puede ser utilizado para explotar vulnerabilidades en esa versión antigua, también conocido como CR 6706490. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 http://lists.apple.com/archives/security-announce/2010//May/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html http://marc.info/?l=bugtraq&m=124344236532162&w=2 http://secunia.com/advisories/34496 http://secunia.com/advisories/35156 http://secunia.com/advisories/35255 http://secu •