Page 2 of 13 results (0.004 seconds)

CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0

CVE-2008-1204

https://notcve.org/view.php?id=CVE-2008-1204

08 Mar 2008 — Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la Consola de Administración en Sun Java System Access Manager 7.1 y 7 2005Q4 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su eleccció... • http://secunia.com/advisories/29252 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0

CVE-2007-5152

https://notcve.org/view.php?id=CVE-2007-5152

01 Oct 2007 — Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks. Sun Java System Access Manager 7.1, cuando se instala en un contenedor Sun Java System Application Server 9.1, no requiere la autentificación después del reinicio del contenedor, el cual permite a atatacantes remotos realizar tareas administrativas. • http://osvdb.org/37758 • CWE-287: Improper Authentication •

CVSS: 9.8EPSS: 3%CPEs: 8EXPL: 0

CVE-2007-5153

https://notcve.org/view.php?id=CVE-2007-5153

01 Oct 2007 — Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad no especificada en Sun Java System Access Manager 7.1, cuando se instala en un contenedor Sun Java System Application Server 8.x, permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. • http://osvdb.org/37757 • CWE-94: Improper Control of Generation of Code ('Code Injection') •