CVSS: 5.0 | EPSS: 0% | CPEs: 3 | EXPL: 0

Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors.
• http://secunia.com/advisories/30122
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-201255-1
• http://www.securityfocus.com/bid/29088
• http://www.securitytracker.com/id?1019985
• http://www.securitytracker.com/id?1019986
• http://www.vupen.com/english/advisories/2008/1457/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42266
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.8 | EPSS: 1% | CPEs: 20 | EXPL: 0

Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.
• http://jvn.jp/jp/JVN%2303D5EAA8/index.html
• http://secunia.com/advisories/20147
• http://securitytracker.com/id?1016125
• http://securitytracker.com/id?1016126
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1
• http://www.kb.cert.org/vuls/id/114956
• http://www.securityfocus.com/bid/18035
• http://www.vupen.com/english/advisories/2006/1866
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26550

CVSS: 5.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files.
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-101690-1
• http://www.vupen.com/english/advisories/2005/0695

CVSS: 7.5 | EPSS: 3% | CPEs: 93 | EXPL: 0

Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
• http://marc.info/?l=bugtraq&m=109351293827731&w=2
• http://www.securityfocus.com/bid/11015
• http://xforce.iss.net/xforce/alerts/id/180
• https://exchange.xforce.ibmcloud.com/vulnerabilities/16314

CVSS: 10.0 | EPSS: 0% | CPEs: 4 | EXPL: 1

The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoking the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag.
• http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/197&type=0&nav=sec.sba
• http://www.securityfocus.com/bid/1600
• http://www.securityfocus.com/templates/advisory.html?id=2542
• https://exchange.xforce.ibmcloud.com/vulnerabilities/5135