4 results (0.016 seconds)

CVSS: 5.0EPSS: 12%CPEs: 9EXPL: 3

Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid parameter. Sun Calendar Express Web Server en Sun ONE Calendar Server v6.0 y Sun Java System Calendar Server 6 2004Q2 hasta 6.3-7.01 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de múltiples peticiones de la URI por defecto con caracteres alfabéticos en el parámetro "tzid". • https://www.exploit-db.com/exploits/32860 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256228-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-255008-1 http://www.coresecurity.com/content/sun-calendar-express http://www.securityfocus.com/archive/1/502320/100/0/threaded http://www.securityfocus.com/bid/34150 http://www.vupen.com/english/advisories/2009/0905 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Sun Calendar Express Web Server en Sun ONE Calendar Server 6.0 y Sun Java System Calendar Server 6 2004Q2 hasta 6.3-7.01 permite a atacantes remotos inyectar web script o HTML de su elección a través de (1) el parámetro "fmt-out" de login.wcap o (2) el parámetro "date" de command.shtml. • https://www.exploit-db.com/exploits/32862 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256228-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020321.1-1 http://www.coresecurity.com/content/sun-calendar-express http://www.securityfocus.com/archive/1/502320/100/0/threaded http://www.securityfocus.com/bid/34152 http://www.securityfocus.com/bid/34153 http://www.vupen.com/english/advisories/2009/0905 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.1EPSS: 2%CPEs: 5EXPL: 0

Unspecified vulnerability in cshttpd in Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, when access logging (aka service.http.commandlog.all) is enabled, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. Vulnerabilidad sin expecificar en cshttpd in Sun Java System Calendar Server 6 y 6.3, y Sun ONE Calendar Server 6.0, cuando el access logging (tambien conocido como service.http.commandlog.all) está activado, permite a atacantes remotos provocar una denegación de servicio (caida de demonio), a través de vectores no especificados. • http://secunia.com/advisories/30694 http://sunsolve.sun.com/search/document.do?assetkey=1-66-235521-1 http://www.securityfocus.com/bid/29763 http://www.securitytracker.com/id?1020299 http://www.vupen.com/english/advisories/2008/1857 https://exchange.xforce.ibmcloud.com/vulnerabilities/43127 •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0

Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote authenticated users to obtain Calendar Server privileges and modify Calendar data by changing the display options to a non-default view. Sun Java Portal Sever 6.2 (anteriormente Sun One) permite a usuarios remotos autenticados obtener prilegios de Calendar Server y modificar datos del calendario cambiando las opciones de visualización a una vista no predeterminada. • http://secunia.com/advisories/12134 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57586 http://www.kb.cert.org/vuls/id/881254 http://www.securityfocus.com/bid/10788 https://exchange.xforce.ibmcloud.com/vulnerabilities/16776 •