CVE-2007-0628
https://notcve.org/view.php?id=CVE-2007-0628
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third party information.
• http://osvdb.org/33010
• http://secunia.com/advisories/23979
• http://securitytracker.com/id?1017570
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-102621-1
• http://www.securityfocus.com/bid/22302
• http://www.vupen.com/english/advisories/2007/0411
• https://exchange.xforce.ibmcloud.com/vulnerabilities/31936
CVE-2007-0014
https://notcve.org/view.php?id=CVE-2007-0014
ChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM.
• http://osvdb.org/33473
• http://www.securityfocus.com/archive/1/456712/100/0/threaded
• http://www.securityfocus.com/archive/1/456734/100/0/threaded
• CWE-310: Cryptographic Issues
CVE-2007-0114
https://notcve.org/view.php?id=CVE-2007-0114
Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote attackers to obtain sensitive information regarding "content details" via unspecified vectors.
• http://osvdb.org/32645
• http://secunia.com/advisories/23630
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-102764-1
• http://www.securityfocus.com/bid/21908
• http://www.vupen.com/english/advisories/2007/0076
• https://exchange.xforce.ibmcloud.com/vulnerabilities/31345
CVE-2006-6276
https://notcve.org/view.php?id=CVE-2006-6276
HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.
• http://secunia.com/advisories/23186
• http://securitytracker.com/id?1017322
• http://securitytracker.com/id?1017323
• http://securitytracker.com/id?1017324
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1
• http://www.securityfocus.com/bid/21371
• http://www.vupen.com/english/advisories/2006/4793
• https://exchange.xforce.ibmcloud.com/vulnerabilities/30662
• CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2006-5653 – Sun Java System 6.x - Messenger Express Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-5653
Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers a new CVE was assigned.
• https://www.exploit-db.com/exploits/28887
• http://secunia.com/advisories/22663
• http://securityreason.com/securityalert/1805
• http://www.securityfocus.com/archive/1/450153/100/0/threaded
• http://www.securityfocus.com/archive/1/456273/100/200/threaded
• http://www.securityfocus.com/bid/20832
• http://www.securitytracker.com/id?1018106
• http://www.vupen.com/english/advisories/2006/4281
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29939