CVE-2009-1218 – Sun Java System Calendar Server 6 - 'command.shtml' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1218
Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml.
• https://www.exploit-db.com/exploits/32862
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-256228-1
• http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020321.1-1
• http://www.coresecurity.com/content/sun-calendar-express
• http://www.securityfocus.com/archive/1/502320/100/0/threaded
• http://www.securityfocus.com/bid/34152
• http://www.securityfocus.com/bid/34153
• http://www.vupen.com/english/advisories/2009/0905
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-4747
https://notcve.org/view.php?id=CVE-2008-4747
Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library.
• http://secunia.com/advisories/32327
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-242246-1
• http://www.securityfocus.com/bid/31905
• http://www.securitytracker.com/id?1021103
• http://www.vupen.com/english/advisories/2008/2916
• https://exchange.xforce.ibmcloud.com/vulnerabilities/46074
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-2749
https://notcve.org/view.php?id=CVE-2008-2749
Unspecified vulnerability in cshttpd in Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, when access logging (aka service.http.commandlog.all) is enabled, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
• http://secunia.com/advisories/30694
• http://sunsolve.sun.com/search/document.do?assetkey=1-66-235521-1
• http://www.securityfocus.com/bid/29763
• http://www.securitytracker.com/id?1020299
• http://www.vupen.com/english/advisories/2008/1857
• https://exchange.xforce.ibmcloud.com/vulnerabilities/43127
CVE-2006-5653 – Sun Java System 6.x - Messenger Express Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-5653
Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers a new CVE was assigned.
• https://www.exploit-db.com/exploits/28887
• http://secunia.com/advisories/22663
• http://securityreason.com/securityalert/1805
• http://www.securityfocus.com/archive/1/450153/100/0/threaded
• http://www.securityfocus.com/archive/1/456273/100/200/threaded
• http://www.securityfocus.com/bid/20832
• http://www.securitytracker.com/id?1018106
• http://www.vupen.com/english/advisories/2006/4281
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29939
CVE-2005-4045
https://notcve.org/view.php?id=CVE-2005-4045
Unspecified vulnerability in System Communications Services 6 Delegated Administrator 2005Q1 in Sun Java System Messaging Server 2005Q1 allows remote attackers to obtain the Top-Level Administrator (TLA) default password via unknown vectors, possibly involving configure_toplevel_admin.ldif.
• http://secunia.com/advisories/17889
• http://securitytracker.com/id?1015313
• http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000831.1-1
• http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102068-1
• http://www.securityfocus.com/bid/15733
• http://www.vupen.com/english/advisories/2005/2754