CVSS: 6.4EPSS: 0%CPEs: 7EXPL: 0CVE-2008-5117
https://notcve.org/view.php?id=CVE-2008-5117
Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad involuntaria de redirección en Sun Java System Identity Manager v6.0 a v6.0 SP4, v7.0, y v7.1, permite a atacantes remotos, redireccionar a usuarios a sitios web de su elección y llevar a cabo ataques de phishing a través de vectores no especificados. • http://osvdb.org/49768 http://secunia.com/advisories/32606 http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1 http://www.securityfocus.com/bid/32262 http://www.securitytracker.com/id?1021170 http://www.vupen.com/english/advisories/2008/3128 https://exchange.xforce.ibmcloud.com/vulnerabilities/46556 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2008-5118
https://notcve.org/view.php?id=CVE-2008-5118
Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "frame injection." Sun Java System Identity Manager en las versiones 6.0, 6.0 Service Pack 4, 7.0, y 7.1 permite a atacantes remotos inyectar marcos de sitios web arbitrarios y llevar a cabo ataques de phishing a través de vectores no especificados, relacionados con "inyección de marcos". • http://osvdb.org/49769 http://secunia.com/advisories/32606 http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1 http://www.securityfocus.com/bid/32262 http://www.securitytracker.com/id?1021170 http://www.vupen.com/english/advisories/2008/3128 https://exchange.xforce.ibmcloud.com/vulnerabilities/46555 •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2008-5098
https://notcve.org/view.php?id=CVE-2008-5098
Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-2904. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Sun Java System Messaging Server 6.2 y 6.3, permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elección a través de vectores no especificados. Se trata de una vulnerabilidad diferente de CVE-2007-2904. • http://osvdb.org/49836 http://secunia.com/advisories/32670 http://securitytracker.com/id?1021223 http://sunsolve.sun.com/search/document.do?assetkey=1-26-242186-1 http://www.securityfocus.com/bid/32285 http://www.vupen.com/english/advisories/2008/3152 https://exchange.xforce.ibmcloud.com/vulnerabilities/46583 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 1CVE-2008-4910 – Sun Java Web Start 1.0/1.2 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2008-4910
The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method. El BasicService en Sun Java Web Start permite a atacantes remotos ejecutar programas de su elección en una máquina cliente a través de un argumento file:// URL al método showDocument. • https://www.exploit-db.com/exploits/32529 http://securityreason.com/securityalert/4542 http://www.securityfocus.com/archive/1/497799/100/0/threaded http://www.securityfocus.com/archive/1/497972/100/0/threaded http://www.securityfocus.com/bid/31916 https://exchange.xforce.ibmcloud.com/vulnerabilities/46119 • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0CVE-2008-4747
https://notcve.org/view.php?id=CVE-2008-4747
Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library. Vulnerabilidad no especificada en la característica de búsqueda de Sun Java System LDAP JDK anterior a v4.20; permite a atacantes dependientes del contexto obtener información sensible a través de vectores de ataque desconocidos relacionados con la biblioteca LDAP JDK. • http://secunia.com/advisories/32327 http://sunsolve.sun.com/search/document.do?assetkey=1-26-242246-1 http://www.securityfocus.com/bid/31905 http://www.securitytracker.com/id?1021103 http://www.vupen.com/english/advisories/2008/2916 https://exchange.xforce.ibmcloud.com/vulnerabilities/46074 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •