CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2009-0169
https://notcve.org/view.php?id=CVE-2009-0169
Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm. Sun Java System Access Manager v7.1 permite a administradores autenticados sub-realm obtener privilegios, como se ha demostrado mediante la creación de una cuenta amadmin en el sub-realm, y entonces entran como amadmin en la raíz realm. • http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-249106-1 http://www.securityfocus.com/bid/33266 http://www.securitytracker.com/id?1021604 http://www.vupen.com/english/advisories/2009/0157 https://exchange.xforce.ibmcloud.com/vulnerabilities/47944 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 1%CPEs: 5EXPL: 0CVE-2008-5662
https://notcve.org/view.php?id=CVE-2008-5662
Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC 2.5.2 and earlier allow downloaded programs to execute arbitrary code via unknown vectors. Desbordamiento múltiple de búfer en Sun Java Wireless Toolkit (WTK) para CLDC 2.5.2 y versiones anteriores que permite descargar programas para ejecutar arbitrariamente código a través de vectores desconocidos. • http://secunia.com/advisories/33159 http://sunsolve.sun.com/search/document.do?assetkey=1-26-247566-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019851.1-1 http://www.securityfocus.com/bid/32862 http://www.securitytracker.com/id?1021414 http://www.vupen.com/english/advisories/2008/3439 https://exchange.xforce.ibmcloud.com/vulnerabilities/47376 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2008-5549
https://notcve.org/view.php?id=CVE-2008-5549
Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to "access to secure files by ThemeServlet." Vulnerabilidad sin especificar en los componentes de Sun Java Web Console en Sun Java System Portal Server v7.1 y v7.2 permite a atacantes remotos acceder a ficheros locales y leer la información de configuración del producto mediante vectores desconocidos, relacionado a "acceso a ficheros seguros por ThemeServlet". • http://secunia.com/advisories/33120 http://securitytracker.com/id?1021380 http://sunsolve.sun.com/search/document.do?assetkey=1-21-124301-12-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-138686-01-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-243886-1 http://www.securityfocus.com/bid/32770 http://www.vupen.com/english/advisories/2008/3408 https://exchange.xforce.ibmcloud.com/vulnerabilities/47256 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2008-5550
https://notcve.org/view.php?id=CVE-2008-5550
Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter. Vulnerabilidad involuntaria de redirección en console/faces/jsp/login/BeginLogin.jsp en Sun Java Web Console v3.0.2 a v3.0.5 y Solaris 10 permite a atacantes remotos redirigir a los usuarios a sitios web de su elección y realizar ataques de phising a través del parámetro redirect_url. • http://sunsolve.sun.com/search/document.do?assetkey=1-21-125950-18-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-125952-18-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-02-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-243786-1 http://www.securityfocus.com/bid/32771 https://exchange.xforce.ibmcloud.com/vulnerabilities/47257 •
CVSS: 7.5EPSS: 1%CPEs: 18EXPL: 0CVE-2008-5422
https://notcve.org/view.php?id=CVE-2008-5422
Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors. Sun Sun Ray Server Software v3.1 a v4.0 no restringe el acceso apropiadamente, lo que permite a atacantes remotos descubrir la contraseña de administración de Sun Ray y obtener acceso admin a el Data Store y la Administration GUI, mediante vectores no especificados. • http://secunia.com/advisories/33108 http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-240365-1 http://support.avaya.com/elmodocs2/security/ASA-2008-502.htm http://www.securityfocus.com/bid/32769 http://www.securitytracker.com/id?1021383 http://www.vupen.com/english/advisories/2008/3406 https://exchange.xforce.ibmcloud.com/vulnerabilities/47253 • CWE-264: Permissions, Privileges, and Access Controls •