CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2008-5550
https://notcve.org/view.php?id=CVE-2008-5550
Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter. Vulnerabilidad involuntaria de redirección en console/faces/jsp/login/BeginLogin.jsp en Sun Java Web Console v3.0.2 a v3.0.5 y Solaris 10 permite a atacantes remotos redirigir a los usuarios a sitios web de su elección y realizar ataques de phising a través del parámetro redirect_url. • http://sunsolve.sun.com/search/document.do?assetkey=1-21-125950-18-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-125952-18-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-02-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-243786-1 http://www.securityfocus.com/bid/32771 https://exchange.xforce.ibmcloud.com/vulnerabilities/47257 •
CVSS: 7.5EPSS: 1%CPEs: 18EXPL: 0CVE-2008-5422
https://notcve.org/view.php?id=CVE-2008-5422
Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors. Sun Sun Ray Server Software v3.1 a v4.0 no restringe el acceso apropiadamente, lo que permite a atacantes remotos descubrir la contraseña de administración de Sun Ray y obtener acceso admin a el Data Store y la Administration GUI, mediante vectores no especificados. • http://secunia.com/advisories/33108 http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-240365-1 http://support.avaya.com/elmodocs2/security/ASA-2008-502.htm http://www.securityfocus.com/bid/32769 http://www.securitytracker.com/id?1021383 http://www.vupen.com/english/advisories/2008/3406 https://exchange.xforce.ibmcloud.com/vulnerabilities/47253 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 30EXPL: 0CVE-2008-5423
https://notcve.org/view.php?id=CVE-2008-5423
Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector. Sun Ray Server Software v3.x y v4.0 y Sun Ray Windows Connector v1.1 y v2.0 exponen la contraseña LDAP durante un paso de configuración, lo que permite a usuarios locales descubrir la contraseña de administración de Sun Ray y obtener acceso admin a el Data Store y el Administration GUI, mediante vectores no especificados relacionados con el componente utconfig de el Server Software y el componente uttscadm de el Windows Connector. • http://secunia.com/advisories/33108 http://secunia.com/advisories/33119 http://securitytracker.com/id?1021379 http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-127556-03-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-240506-1 http://support.avaya.com/elmodocs2/security/ASA-2008-500.htm http://www.securityfocus.com/bid/32772 http://www.vupen.com/english/advisories/2008/3406 http:/&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-5410
https://notcve.org/view.php?id=CVE-2008-5410
The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions. La caché PK11_SESSION en el motor OpenSSL PKCS#11 en Sun Solaris 10 no mantiene la cuenta de referencia para operaciones con claves asimétricas, lo que permite a atacantes dependientes del contexto provocar una denegación de servicio (fallos en las operaciones criptográficas) a través de vectores desconocidos, relacionado con las funciones (1) RSA_sign y (2) RSA_verify. • http://secunia.com/advisories/33050 http://sunsolve.sun.com/search/document.do?assetkey=1-21-138863-02-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-139459-01-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-246846-1 http://www.securityfocus.com/bid/32671 http://www.securitytracker.com/id?1021358 http://www.vupen.com/english/advisories/2008/3372 https://exchange.xforce.ibmcloud.com/vulnerabilities/47137 https://oval.cisecurity.org/repository/search/definition • CWE-310: Cryptographic Issues •
CVSS: 5.8EPSS: 0%CPEs: 182EXPL: 0CVE-2008-5133
https://notcve.org/view.php?id=CVE-2008-5133
ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when the destination port is the DNS port, which allows remote attackers to bypass an intended CVE-2008-1447 protection mechanism and spoof the responses to DNS queries sent by named. ipnat en IP Filter de Sun Solaris v10 y OpenSolaris anteriores a snv_96, cuando se ejecutan en servidor DNS con traducción de direcciones de red (NAT) configurado cambia el puerto origen de forma incorrecta cuando el puerto destino es el puerto DNS, lo que permite a atacantes remotos evitar e intentar el mecanismo de protección CVE-2008-1447 y espíar las respuestas a solicitudes DNS enviadas por nombre. • http://secunia.com/advisories/32625 http://sunsolve.sun.com/search/document.do?assetkey=1-26-245206-1 http://www.vupen.com/english/advisories/2008/3129 https://exchange.xforce.ibmcloud.com/vulnerabilities/46721 • CWE-264: Permissions, Privileges, and Access Controls •