Page 2 of 23 results (0.011 seconds)

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 7

CVE-2008-2751 – GlassFish Application Server - '/Applications/lifecycleModulesNew.jsf' Multiple Cross-Site Scripting Vulnerabilities

https://notcve.org/view.php?id=CVE-2008-2751

Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.1_01 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (3) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, or (4) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc parameter to (a) resourceNode/customResourceNew.jsf; the (5) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (6) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (7) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, (8) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiLookupProp:jndiLookup, or (9) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc parameter to (b) resourceNode/externalResourceNew.jsf; the (10) propertyForm:propertySheet:propertSectionTextField:jndiProp:Jndi, (11) propertyForm:propertySheet:propertSectionTextField:nameProp:name, or (12) propertyForm:propertySheet:propertSectionTextField:descProp:desc parameter to (c) resourceNode/jmsDestinationNew.jsf; the (13) propertyForm:propertySheet:generalPropertySheet:jndiProp:Jndi or (14) propertyForm:propertySheet:generalPropertySheet:descProp:cd parameter to (d) resourceNode/jmsConnectionNew.jsf; the (15) propertyForm:propertySheet:propertSectionTextField:jndiProp:jnditext or (16) propertyForm:propertySheet:propertSectionTextField:descProp:desc parameter to (e) resourceNode/jdbcResourceNew.jsf; the (17) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:nameProp:name, (18) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:classNameProp:classname, or (19) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:loadOrderProp:loadOrder parameter to (f) applications/lifecycleModulesNew.jsf; or the (20) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:jndiProp:name, (21) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:resTypeProp:resType, or (22) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:dbProp:db parameter to (g) resourceNode/jdbcConnectionPoolNew1.jsf. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en la interfaz webadmin de Glassfish en Java System Application Server de Sun versión 9.1_01, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (3) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, o (4) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc en (a) el archivo resourceNode/customResourceNew.jsf; el parámetro (5) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (6) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (7) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, (8) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiLookupProp:jndiLookup, o (9) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc en (b) el archivo resourceNode/externalResourceNew.jsf; el parámetro (10) propertyForm:propertySheet:propertSectionTextField:jndiProp:Jndi, (11) propertyForm:propertySheet:propertSectionTextField:nameProp:name, o (12) propertyForm:propertySheet:propertSectionTextField:descProp:desc en (c) el archivo resourceNode/jmsDestinationNew.jsf; el parámetro (13) propertyForm:propertySheet:generalPropertySheet:jndiProp:Jndi o (14) propertyForm:propertySheet:generalPropertySheet:descProp:cd en (d) el archivo resourceNode/jmsConnectionNew.jsf; el parámetro (15) propertyForm:propertySheet:propertSectionTextField :jndiProp:jnditext o (16) propertyForm:propertySheet:propertSectionTextField:descProp:desc en (e) el archivo resourceNode/jdbcResourceNew.jsf; el parámetro (17) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:nameProp:name, (18) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:classNameProp:classname, o (19) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:loadOrderProp:loadOrder en (f) el archivo aplicaciones/lifecycleModulesNew.jsf; o el parámetro (20) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:jndiProp:name, (21) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:resTypeProp:resType, o (22) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:dbProp:db en (g) el archivo resourceNode/jdbcConnectionPoolNew1.jsf. • https://www.exploit-db.com/exploits/31927 https://www.exploit-db.com/exploits/31922 https://www.exploit-db.com/exploits/31923 https://www.exploit-db.com/exploits/31928 https://www.exploit-db.com/exploits/31926 https://www.exploit-db.com/exploits/31925 https://www.exploit-db.com/exploits/31924 http://securityreason.com/securityalert/3949 http://www.securityfocus.com/archive/1/493370/100/0/threaded http://www.securityfocus.com/bid/29751 https://exchange.xforce.ibmcloud • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2008-2120

https://notcve.org/view.php?id=CVE-2008-2120

Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors. Vulnerabilidad no especificada en Java System Application Server versión 7 2004Q2 anterior a Update 6, Web Server versión 6.1 anterior a SP8 y and Web Server versión 7.0 anterior a Update 1 permite a atacantes remotos obtener el código fuente de los ficheros JSP mediante vectores no conocidos. • http://secunia.com/advisories/30122 http://sunsolve.sun.com/search/document.do?assetkey=1-26-201255-1 http://www.securityfocus.com/bid/29088 http://www.securitytracker.com/id?1019985 http://www.securitytracker.com/id?1019986 http://www.vupen.com/english/advisories/2008/1457/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42266 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8EPSS: 14%CPEs: 8EXPL: 0

CVE-2007-5153

https://notcve.org/view.php?id=CVE-2007-5153

Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad no especificada en Sun Java System Access Manager 7.1, cuando se instala en un contenedor Sun Java System Application Server 8.x, permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. • http://osvdb.org/37757 http://secunia.com/advisories/26976 http://securitytracker.com/id?1018753 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103069-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200839-1 http://www.securityfocus.com/bid/25842 http://www.vupen.com/english/advisories/2007/3282 https://exchange.xforce.ibmcloud.com/vulnerabilities/36847 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0

CVE-2007-5152

https://notcve.org/view.php?id=CVE-2007-5152

Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks. Sun Java System Access Manager 7.1, cuando se instala en un contenedor Sun Java System Application Server 9.1, no requiere la autentificación después del reinicio del contenedor, el cual permite a atatacantes remotos realizar tareas administrativas. • http://osvdb.org/37758 http://secunia.com/advisories/26976 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103069-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200839-1 http://www.securityfocus.com/bid/25842 http://www.securitytracker.com/id?1018753 http://www.vupen.com/english/advisories/2007/3282 https://exchange.xforce.ibmcloud.com/vulnerabilities/36846 • CWE-287: Improper Authentication •

CVSS: 5.0EPSS: 10%CPEs: 1EXPL: 0

CVE-2007-4511

https://notcve.org/view.php?id=CVE-2007-4511

The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply certain configuration changes persistently, which causes the (1) SSL and (2) SSL_MutualAuth ORB listener services to enable all protocols and ciphers after the services are restarted, possibly allowing remote attackers to bypass intended policy. La consola Sun Admin en Sun Application Server 9.0_0.1 no aplica ciertos cambios de configuración persistentes, lo cual provoca que los servicios de escucha (1) SSL y (2) SSL_MutualAuth ORB a habilitados, todos los protocolos y códigos son reiniciados, posiblemente llevandose a cabo ataques remotos evitando las políticas de validación. • http://osvdb.org/45828 http://www.securityfocus.com/archive/1/477315/100/0/threaded http://www.securityfocus.com/bid/25400 https://exchange.xforce.ibmcloud.com/vulnerabilities/36169 •