CVE-2008-2945
https://notcve.org/view.php?id=CVE-2008-2945
Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289. Sun Java System Access Manager 6.3 hasta 7.1 y Sun Java System Identity Server 6.1 y 6.2 no procesa adecuadamente hojas de estilo XSLT en transformaciones XSLT de firmas XML. • http://secunia.com/advisories/30893 http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1 http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm http://www.securityfocus.com/bid/29988 http://www.securitytracker.com/id?1020380 http://www.vupen.com/english/advisories/2008/1967/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43429 • CWE-20: Improper Input Validation •
CVE-2008-2705
https://notcve.org/view.php?id=CVE-2008-2705
Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors. Vulnerabilidad no especificada en Sun Java System Access Manager (AM) 7.1, cuando se utiliza con determinadas versiones y configuraciones del Sun Directory Server Enterprise Edition (DSEE), permite a atacantes remotos evitar la autenticación a través de vectores no especificados. • http://secunia.com/advisories/30652 http://sunsolve.sun.com/search/document.do?assetkey=1-26-238416-1 http://www.securityfocus.com/bid/29676 http://www.securitytracker.com/id?1020273 http://www.vupen.com/english/advisories/2008/1806 https://exchange.xforce.ibmcloud.com/vulnerabilities/43004 • CWE-287: Improper Authentication •
CVE-2008-1204
https://notcve.org/view.php?id=CVE-2008-1204
Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la Consola de Administración en Sun Java System Access Manager 7.1 y 7 2005Q4 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su eleccción a través de vectores no especificados relacionados con las ventanas de (1) Ayuda y (2) Versión. • http://secunia.com/advisories/29252 http://sunsolve.sun.com/search/document.do?assetkey=1-26-201251-1 http://www.securityfocus.com/bid/28113 http://www.vupen.com/english/advisories/2008/0784 https://exchange.xforce.ibmcloud.com/vulnerabilities/41024 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-5152
https://notcve.org/view.php?id=CVE-2007-5152
Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks. Sun Java System Access Manager 7.1, cuando se instala en un contenedor Sun Java System Application Server 9.1, no requiere la autentificación después del reinicio del contenedor, el cual permite a atatacantes remotos realizar tareas administrativas. • http://osvdb.org/37758 http://secunia.com/advisories/26976 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103069-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200839-1 http://www.securityfocus.com/bid/25842 http://www.securitytracker.com/id?1018753 http://www.vupen.com/english/advisories/2007/3282 https://exchange.xforce.ibmcloud.com/vulnerabilities/36846 • CWE-287: Improper Authentication •
CVE-2007-5153
https://notcve.org/view.php?id=CVE-2007-5153
Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad no especificada en Sun Java System Access Manager 7.1, cuando se instala en un contenedor Sun Java System Application Server 8.x, permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. • http://osvdb.org/37757 http://secunia.com/advisories/26976 http://securitytracker.com/id?1018753 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103069-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200839-1 http://www.securityfocus.com/bid/25842 http://www.vupen.com/english/advisories/2007/3282 https://exchange.xforce.ibmcloud.com/vulnerabilities/36847 • CWE-94: Improper Control of Generation of Code ('Code Injection') •