CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2009-0857
https://notcve.org/view.php?id=CVE-2009-0857
Cross-site scripting (XSS) vulnerability in /prm/reports in the Performance Reporting Module (PRM) for Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: this can be leveraged for access to the SunMC Web Console. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados(XSS) en /prm/reports en Performance Reporting Module (PRM) para Sun Management Center (SunMC) v3.6.1 y v4.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro "msg". NOTA: esto puede ser aprovechados para el acceso a la Consola Web SunMC. • http://secunia.com/advisories/34146 http://securitytracker.com/id?1021809 http://sunsolve.sun.com/search/document.do?assetkey=1-21-125191-04-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-247046-1 http://www.securityfocus.com/bid/33999 http://www.vupen.com/english/advisories/2009/0605 https://exchange.xforce.ibmcloud.com/vulnerabilities/49076 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2008-4117
https://notcve.org/view.php?id=CVE-2008-4117
Unspecified vulnerability in a web page in the PRM module in Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Vulnerabilidad no especificada en una página Web en el módulo PRM de Sun Management Center (SunMC) 3.6.1 y 4.0; permite a atacantes remotos provocar una denegación de servicio (consumo de memoria), a través de vectores no especificados. • http://secunia.com/advisories/31841 http://sunsolve.sun.com/search/document.do?assetkey=1-26-241686-1 http://www.securityfocus.com/bid/31194 http://www.securitytracker.com/id?1020890 http://www.vupen.com/english/advisories/2008/2587 https://exchange.xforce.ibmcloud.com/vulnerabilities/45156 •
CVSS: 9.4EPSS: 6%CPEs: 11EXPL: 0CVE-2007-6480
https://notcve.org/view.php?id=CVE-2007-6480
The Oracle database component in Sun Management Center (Sun MC) 3.6.1, 3.6, and 3.5 Update 1 has a default account, which allows remote attackers to obtain database access and execute arbitrary code. El componente de base de datos Oracle en Sun Management Center (Sun MC) 3.6.1, 3.6, y 3.5 Update 1 tiene un cuenta por defecto, que permite a atacantes remotos obtener acceso a la base de datos y ejecutar código de su elección. • http://osvdb.org/39563 http://secunia.com/advisories/28151 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103152-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201508-1 http://www.securityfocus.com/bid/26948 http://www.securitytracker.com/id?1019119 http://www.vupen.com/english/advisories/2007/4268 https://exchange.xforce.ibmcloud.com/vulnerabilities/39137 •