CVE-2009-0857
https://notcve.org/view.php?id=CVE-2009-0857
Cross-site scripting (XSS) vulnerability in /prm/reports in the Performance Reporting Module (PRM) for Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: this can be leveraged for access to the SunMC Web Console. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados(XSS) en /prm/reports en Performance Reporting Module (PRM) para Sun Management Center (SunMC) v3.6.1 y v4.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro "msg". NOTA: esto puede ser aprovechados para el acceso a la Consola Web SunMC. • http://secunia.com/advisories/34146 http://securitytracker.com/id?1021809 http://sunsolve.sun.com/search/document.do?assetkey=1-21-125191-04-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-247046-1 http://www.securityfocus.com/bid/33999 http://www.vupen.com/english/advisories/2009/0605 https://exchange.xforce.ibmcloud.com/vulnerabilities/49076 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-4117
https://notcve.org/view.php?id=CVE-2008-4117
Unspecified vulnerability in a web page in the PRM module in Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Vulnerabilidad no especificada en una página Web en el módulo PRM de Sun Management Center (SunMC) 3.6.1 y 4.0; permite a atacantes remotos provocar una denegación de servicio (consumo de memoria), a través de vectores no especificados. • http://secunia.com/advisories/31841 http://sunsolve.sun.com/search/document.do?assetkey=1-26-241686-1 http://www.securityfocus.com/bid/31194 http://www.securitytracker.com/id?1020890 http://www.vupen.com/english/advisories/2008/2587 https://exchange.xforce.ibmcloud.com/vulnerabilities/45156 •