CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2008-2945
https://notcve.org/view.php?id=CVE-2008-2945
Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289. Sun Java System Access Manager 6.3 hasta 7.1 y Sun Java System Identity Server 6.1 y 6.2 no procesa adecuadamente hojas de estilo XSLT en transformaciones XSLT de firmas XML. • http://secunia.com/advisories/30893 http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1 http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm http://www.securityfocus.com/bid/29988 http://www.securitytracker.com/id?1020380 http://www.vupen.com/english/advisories/2008/1967/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43429 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2008-1204
https://notcve.org/view.php?id=CVE-2008-1204
Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la Consola de Administración en Sun Java System Access Manager 7.1 y 7 2005Q4 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su eleccción a través de vectores no especificados relacionados con las ventanas de (1) Ayuda y (2) Versión. • http://secunia.com/advisories/29252 http://sunsolve.sun.com/search/document.do?assetkey=1-26-201251-1 http://www.securityfocus.com/bid/28113 http://www.vupen.com/english/advisories/2008/0784 https://exchange.xforce.ibmcloud.com/vulnerabilities/41024 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2007-0628
https://notcve.org/view.php?id=CVE-2007-0628
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en Sun Java System Access Manager versiones 6.1, 6.2, 6 2005Q1 (6.3) y 7 2005Q4 (7.0) anteriores a 20070129, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de los parámetros (1) goto y (2) gx-charset. NOTA: algunos de estos datos fueron obtenidos a partir de información de terceros. • http://osvdb.org/33010 http://secunia.com/advisories/23979 http://securitytracker.com/id?1017570 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102621-1 http://www.securityfocus.com/bid/22302 http://www.vupen.com/english/advisories/2007/0411 https://exchange.xforce.ibmcloud.com/vulnerabilities/31936 •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2006-0531
https://notcve.org/view.php?id=CVE-2006-0531
Unspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool. • http://secunia.com/advisories/18699 http://securitytracker.com/id?1015567 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102140-1 http://www.securityfocus.com/bid/16474 http://www.vupen.com/english/advisories/2006/0430 https://exchange.xforce.ibmcloud.com/vulnerabilities/24423 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A360 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A755 •