CVE-2006-5654
https://notcve.org/view.php?id=CVE-2006-5654
Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server 7 before Update 3, when SSLv2 is enabled, allows remote authenticated users to cause a denial of service (application crash) via unspecified vectors. NOTE: due to lack of details from the vendor, it is unclear whether this is related to vector 1 in CVE-2006-5201 or CVE-2006-3127.
• http://secunia.com/advisories/22646
• http://securitytracker.com/id?1017143
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-102670-1
• http://www.securityfocus.com/bid/20846
• http://www.vupen.com/english/advisories/2006/4299
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29946
CVE-2006-5486
https://notcve.org/view.php?id=CVE-2006-5486
Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary JavaScript via crafted messages.
• http://secunia.com/advisories/22575
• http://securitytracker.com/id?1017113
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-102497-1
• http://www.securityfocus.com/bid/20708
• http://www.vupen.com/english/advisories/2006/4183
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29806
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2006-4353
https://notcve.org/view.php?id=CVE-2006-4353
Unspecified vulnerability in Sun Java System Content Delivery Server 4.0, 4.1, and 5.0 allows local and remote attackers to read data from arbitrary files via unspecified vectors.
• http://secunia.com/advisories/21628
• http://securitytracker.com/id?1016751
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-102593-1
• http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
• http://www.osvdb.org/28227
• http://www.securityfocus.com/bid/19705
• http://www.vupen.com/english/advisories/2006/3390
• https://exchange.xforce.ibmcloud.com/vulnerabilities/28570
CVE-2006-4302
https://notcve.org/view.php?id=CVE-2006-4302
The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web Start 1.0 through 1.2 and J2SE 1.4.2 through 5.0 Update 5, allows remote attackers to exploit vulnerabilities by specifying a JRE version that contains vulnerabilities.
• http://secunia.com/advisories/21570
• http://securitytracker.com/id?1016732
• http://securitytracker.com/id?1016733
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1
• http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
• http://www.osvdb.org/28109
• http://www.securityfocus.com/archive/1/382413
• http://www.securityfocus.com/bid/11757
• http://www.securityfocus.com/bid/8879
• http://www.vupen.com/english/advisories/2006/3354
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2006-3921
https://notcve.org/view.php?id=CVE-2006-3921
Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI.
• http://secunia.com/advisories/21251
• http://secunia.com/advisories/22425
• http://securitytracker.com/id?1016596
• http://securitytracker.com/id?1016597
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-102521-1
• http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm
• http://www.securityfocus.com/bid/19200
• http://www.vupen.com/english/advisories/2006/3020
• https://exchange.xforce.ibmcloud.com/vulnerabilities/28061