CVSS: 6.1EPSS: 0%CPEs: 23EXPL: 0CVE-2009-2283
https://notcve.org/view.php?id=CVE-2009-2283
01 Jul 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruxados (XSS) en help jsp scripts en Sun Java Web Console v3.0.2 a la v3.0.5, y Sun Java Web Console en Solaris 10, permite a atacantes remotos inyectar secuencias de comandos web o HTML ... • http://secunia.com/advisories/35597 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2008-5550
https://notcve.org/view.php?id=CVE-2008-5550
12 Dec 2008 — Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter. Vulnerabilidad involuntaria de redirección en console/faces/jsp/login/BeginLogin.jsp en Sun Java Web Console v3.0.2 a v3.0.5 y Solaris 10 permite a atacantes remotos redirigir a los usuarios a sitios web de su elección y realizar ataques de phising a través... • http://sunsolve.sun.com/search/document.do?assetkey=1-21-125950-18-1 •
CVSS: 8.2EPSS: 0%CPEs: 11EXPL: 0CVE-2008-1286
https://notcve.org/view.php?id=CVE-2008-1286
11 Mar 2008 — Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors. Vulnerabilidad no especificada en Sun Java Web Console 3.0.2, 3.0.3 y 3.0.4 permite a atacantes remotos evitar las restricciones de acceso planeadas y determinar la existencia de ficheros o directorios mediante vectores desconocidos. • http://secunia.com/advisories/29290 •
CVSS: 9.8EPSS: 4%CPEs: 10EXPL: 0CVE-2007-1681
https://notcve.org/view.php?id=CVE-2007-1681
19 Apr 2007 — Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog. Vulnerabilidad de formato de cadena en libwebconsole_services.so de Sun Java Web Console 2.2.2 hasta 2.2.5 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación), obt... • http://osvdb.org/34902 •