CVE-2007-3700
https://notcve.org/view.php?id=CVE-2007-3700
Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth. Sun Java System Access Manager (formalmente Java System Identity Server) anterior a 20070710, cuando el mensaje de nivel del nivel de depuración está configurado en la propiedad com.iplanet.services.debug.level en AMConfig.properties, registros en texto plano de contraseñas, lo cual permite a usuarios locales ganar privilegios leyendo /var/opt/SUNWam/debug/amAuth. • http://osvdb.org/37249 http://secunia.com/advisories/26030 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101918-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200386-1 http://www.securityfocus.com/bid/24859 http://www.securitytracker.com/id?1018370 http://www.vupen.com/english/advisories/2007/2496 https://exchange.xforce.ibmcloud.com/vulnerabilities/35339 •
CVE-2007-0628
https://notcve.org/view.php?id=CVE-2007-0628
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en Sun Java System Access Manager versiones 6.1, 6.2, 6 2005Q1 (6.3) y 7 2005Q4 (7.0) anteriores a 20070129, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de los parámetros (1) goto y (2) gx-charset. NOTA: algunos de estos datos fueron obtenidos a partir de información de terceros. • http://osvdb.org/33010 http://secunia.com/advisories/23979 http://securitytracker.com/id?1017570 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102621-1 http://www.securityfocus.com/bid/22302 http://www.vupen.com/english/advisories/2007/0411 https://exchange.xforce.ibmcloud.com/vulnerabilities/31936 •
CVE-2006-0531
https://notcve.org/view.php?id=CVE-2006-0531
Unspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool. • http://secunia.com/advisories/18699 http://securitytracker.com/id?1015567 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102140-1 http://www.securityfocus.com/bid/16474 http://www.vupen.com/english/advisories/2006/0430 https://exchange.xforce.ibmcloud.com/vulnerabilities/24423 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A360 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A755 •