CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2008-5118
https://notcve.org/view.php?id=CVE-2008-5118
Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "frame injection." Sun Java System Identity Manager en las versiones 6.0, 6.0 Service Pack 4, 7.0, y 7.1 permite a atacantes remotos inyectar marcos de sitios web arbitrarios y llevar a cabo ataques de phishing a través de vectores no especificados, relacionados con "inyección de marcos". • http://osvdb.org/49769 http://secunia.com/advisories/32606 http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1 http://www.securityfocus.com/bid/32262 http://www.securitytracker.com/id?1021170 http://www.vupen.com/english/advisories/2008/3128 https://exchange.xforce.ibmcloud.com/vulnerabilities/46555 •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2008-2945
https://notcve.org/view.php?id=CVE-2008-2945
Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289. Sun Java System Access Manager 6.3 hasta 7.1 y Sun Java System Identity Server 6.1 y 6.2 no procesa adecuadamente hojas de estilo XSLT en transformaciones XSLT de firmas XML. • http://secunia.com/advisories/30893 http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1 http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm http://www.securityfocus.com/bid/29988 http://www.securitytracker.com/id?1020380 http://www.vupen.com/english/advisories/2008/1967/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43429 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 35%CPEs: 5EXPL: 7CVE-2008-0239 – Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/account/findForSelect.jsp?resultsForm' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-0239
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Sun Java System Identity Manager 6.0 SP1 hasta SP3, 7.0, y 7.1 permiten a atacantes remotos inyectar, a su elección, códigos web o HTML, usando (1) los parámetros cntry o lang pasados a /idm/login.jsp, (2) el parámetro resultsForm pasado a /idm/account/findForSelect.jsp, o (3) el parámetro activeControl pasado a /idm/user/main.jsp. • https://www.exploit-db.com/exploits/31005 https://www.exploit-db.com/exploits/31004 https://www.exploit-db.com/exploits/31007 http://secunia.com/advisories/28356 http://securityreason.com/securityalert/3535 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200558-1 http://www.procheckup.com/Vulnerability_PR07-06.php http://www.procheckup.com/Vulnerability_PR07-07.php http://www.procheckup.com/Vulnerability& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 1%CPEs: 5EXPL: 2CVE-2008-0240 – Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/help/index.jsp?helpUrl' Remote Frame Injection
https://notcve.org/view.php?id=CVE-2008-0240
/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection." El fichero /idm/help/index.jsp en Sun Java System Identity Manager 6.0 SP1 hasta SP3, 7.0, y 7.1 permite que atacantes remotos inyecten marcos desde cualquier sitio web, y lleven a cabo ataques de phising a través del parámetro helpUrl, también conocido como "inyección de marco". • https://www.exploit-db.com/exploits/31006 http://secunia.com/advisories/28356 http://securityreason.com/securityalert/3535 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200558-1 http://www.procheckup.com/Vulnerability_PR07-10.php http://www.securityfocus.com/archive/1/486076/100/0/threaded http://www.securityfocus.com/bid/27214 http://www.vupen.com/english/advisories/2008/0089 https://exchange.xfo • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 1%CPEs: 5EXPL: 1CVE-2008-0241
https://notcve.org/view.php?id=CVE-2008-0241
Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter. Una vulnerabilidad de redireccionamiento abierto en el archivo /idm/user/login.jsp en Sun Java System Identity Manager versión 6.0 SP1 hasta SP3, versiones 7.0 y 7.1, permite a atacantes remotos redireccionar a los usuarios a sitios web arbitrarios y conducir ataques de phishing por medio de una URL en el parámetro nextPage. • http://secunia.com/advisories/28356 http://securityreason.com/securityalert/3535 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200558-1 http://www.procheckup.com/Vulnerability_PR07-12.php http://www.securityfocus.com/archive/1/486076/100/0/threaded http://www.securityfocus.com/bid/27214 http://www.vupen.com/english/advisories/2008/0089 https://exchange.xforce.ibmcloud.com/vulnerabilities/39590 • CWE-20: Improper Input Validation •