CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2008-2945
https://notcve.org/view.php?id=CVE-2008-2945
30 Jun 2008 — Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289. Sun Java System Access Manager 6.3 hasta 7.1 y Sun Java System Identity Server 6.1 y 6.2 no procesa adecuadamente hojas de estilo XSLT en transformaciones XSLT de firmas XML. • http://secunia.com/advisories/30893 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2705
https://notcve.org/view.php?id=CVE-2008-2705
16 Jun 2008 — Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors. Vulnerabilidad no especificada en Sun Java System Access Manager (AM) 7.1, cuando se utiliza con determinadas versiones y configuraciones del Sun Directory Server Enterprise Edition (DSEE), permite a atacantes remotos evitar la autenticación a través de vectores no ... • http://secunia.com/advisories/30652 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2008-1204
https://notcve.org/view.php?id=CVE-2008-1204
08 Mar 2008 — Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la Consola de Administración en Sun Java System Access Manager 7.1 y 7 2005Q4 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su eleccció... • http://secunia.com/advisories/29252 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2007-5152
https://notcve.org/view.php?id=CVE-2007-5152
01 Oct 2007 — Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks. Sun Java System Access Manager 7.1, cuando se instala en un contenedor Sun Java System Application Server 9.1, no requiere la autentificación después del reinicio del contenedor, el cual permite a atatacantes remotos realizar tareas administrativas. • http://osvdb.org/37758 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 3%CPEs: 8EXPL: 0CVE-2007-5153
https://notcve.org/view.php?id=CVE-2007-5153
01 Oct 2007 — Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad no especificada en Sun Java System Access Manager 7.1, cuando se instala en un contenedor Sun Java System Application Server 8.x, permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. • http://osvdb.org/37757 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3700
https://notcve.org/view.php?id=CVE-2007-3700
11 Jul 2007 — Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth. Sun Java System Access Manager (formalmente Java System Identity Server) anterior a 20070710, cuando el mensaje de nivel del nivel de depuración está configurado en la propiedad com.iplanet.se... • http://osvdb.org/37249 •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2007-0628
https://notcve.org/view.php?id=CVE-2007-0628
31 Jan 2007 — Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en Sun Java System Access Manager versiones 6.1, 6.2, 6 2005Q1 (6.3) y 7 2005Q4 (7.0) anteriores a 20070129, permite a ataca... • http://osvdb.org/33010 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2006-0531
https://notcve.org/view.php?id=CVE-2006-0531
04 Feb 2006 — Unspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool. • http://secunia.com/advisories/18699 •