CVSS: 4.3EPSS: 0%CPEs: 30EXPL: 0CVE-2008-5423
https://notcve.org/view.php?id=CVE-2008-5423
Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector. Sun Ray Server Software v3.x y v4.0 y Sun Ray Windows Connector v1.1 y v2.0 exponen la contraseña LDAP durante un paso de configuración, lo que permite a usuarios locales descubrir la contraseña de administración de Sun Ray y obtener acceso admin a el Data Store y el Administration GUI, mediante vectores no especificados relacionados con el componente utconfig de el Server Software y el componente uttscadm de el Windows Connector. • http://secunia.com/advisories/33108 http://secunia.com/advisories/33119 http://securitytracker.com/id?1021379 http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-127556-03-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-240506-1 http://support.avaya.com/elmodocs2/security/ASA-2008-500.htm http://www.securityfocus.com/bid/32772 http://www.vupen.com/english/advisories/2008/3406 http:/&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2008-5266 – Sun GlassFish 2.1 - 'name' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-5266
Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en configuration/httpListenerEdit.jsf en la interfaz GlassFish 2 UR2 b04 webadmin en Sun Java System Application Server v9.1_01 build b09d-fcs y v9.1_02 build b04-fcs permite a atacantes remotos inyectar web script o HTML a través del parámetro "name", un vector diferente a CVE-2008-2751. • https://www.exploit-db.com/exploits/31901 http://secunia.com/advisories/30604 http://securityreason.com/securityalert/4659 http://webappsecurity.wordpress.com/2008/06/11/xss-glassfish-web-admin-interface-sun-java-system-application http://www.securityfocus.com/archive/1/493243/100/0/threaded http://www.securityfocus.com/bid/29646 https://exchange.xforce.ibmcloud.com/vulnerabilities/47029 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 1%CPEs: 7EXPL: 1CVE-2008-5115 – Sun Java System Identity Manager 6.0/7.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-5115
Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Sun Java System Identity Manager en versiones 6.0 hasta 6.0 SP4 , versiones 7.0 y 7.1, permite a los atacantes remotos secuestrar la autenticación de administradores para peticiones que actualizan la contraseña por medio del archivo idm/admin/changeself.jsp. • https://www.exploit-db.com/exploits/32579 http://osvdb.org/49766 http://secunia.com/advisories/32606 http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1 http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr07-11 http://www.securityfocus.com/archive/1/498479/100/0/threaded http://www.securityfocus.com/bid/32262 http://www.securitytracker.com/id?1021170 http://www.vupen.com/english/advisories/2008/3128 https://exchange.xforce.ibmcloud.com/vulnerabilities/ • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2008-5114
https://notcve.org/view.php?id=CVE-2008-5114
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Sun Java System Identity Manager v6.0 a v6.0 SP4, v7.0 y v7.1, permite a atacantes remotos inyectar web script o HTML a través de vectores no especificados. • http://osvdb.org/49765 http://secunia.com/advisories/32606 http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1 http://www.securityfocus.com/bid/32262 http://www.securitytracker.com/id?1021170 http://www.vupen.com/english/advisories/2008/3128 https://exchange.xforce.ibmcloud.com/vulnerabilities/46552 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 1%CPEs: 7EXPL: 1CVE-2008-5116
https://notcve.org/view.php?id=CVE-2008-5116
Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ext parameter. Una vulnerabilidad de salto de directorio en el archivo idm/includes/helpServer.jsp en Sun Java System Identity Manager versiones 6.0 hasta 6.0 SP4, y versiones 7.0 y 7.1, permite a los atacantes remotos leer archivos arbitrarios en el sistema de archivos del servidor IDM por medio de secuencias de salto de directorio en el parámetro ext. • http://osvdb.org/49767 http://secunia.com/advisories/32606 http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1 http://www.procheckup.com/Vulnerability_PR08-09.php http://www.securityfocus.com/archive/1/498487/100/0/threaded http://www.securityfocus.com/bid/32262 http://www.securitytracker.com/id?1021170 http://www.vupen.com/english/advisories/2008/3128 https://exchange.xforce.ibmcloud.com/vulnerabilities/46554 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •