Search Results (221 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2406 1 Sun 1 Java Asp Server 2026-04-23 N/A
The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102.
CVE-2008-0241 1 Sun 1 Java System Identity Manager 2026-04-23 N/A
Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter.
CVE-2007-3224 1 Sun 2 Java System Directory Server, One Directory Server 2026-04-23 N/A
Unspecified vulnerability in Sun ONE/Java System Directory Server (slapd) 6.0, and 5.x before 5.2 Patch 5, allows remote attackers to determine the existence of attributes of an entry via unspecified vectors.
CVE-2007-6571 1 Sun 2 Java System Web Proxy Server, Java System Web Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356.
CVE-2008-2518 1 Sun 1 Java System Web Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the advanced search mechanism (webapps/search/advanced.jsp) in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the next parameter.
CVE-2009-1074 1 Sun 1 Java System Identity Manager 2026-04-23 N/A
Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to "ssl termination devices" and lack of support for relative URLs.
CVE-2009-0348 1 Sun 1 Java System Access Manager 2026-04-23 N/A
The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
CVE-2009-1076 1 Sun 1 Java System Identity Manager 2026-04-23 N/A
Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
CVE-2009-1083 1 Sun 1 Java System Identity Manager 2026-04-23 N/A
Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX, Solaris, and HP-UX permits "control characters" in the passwords of user accounts, which allows remote attackers to execute arbitrary commands via vectors involving "resource adapters."
CVE-2008-4541 1 Sun 1 Java System Web Proxy Server 2026-04-23 N/A
Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.
CVE-2009-2676 2 Redhat, Sun 6 Network Satellite, Rhel Extras, Java Se and 3 more 2026-04-23 N/A
Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher.
CVE-2007-6572 1 Sun 2 Java System Web Proxy Server, Java System Web Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204.
CVE-2009-2689 2 Redhat, Sun 5 Enterprise Linux, Network Satellite, Rhel Extras and 2 more 2026-04-23 N/A
JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application.
CVE-2006-5653 1 Sun 1 Java System Messenger Express 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers a new CVE was assigned.
CVE-2006-5654 1 Sun 2 Java System Web Server, One Application Server 2026-04-23 N/A
Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server 7 before Update 3, when SSLv2 is enabled, allows remote authenticated users to cause a denial of service (application crash) via unspecified vectors. NOTE: due to lack of details from the vendor, it is unclear whether this is related to vector 1 in CVE-2006-5201 or CVE-2006-3127.
CVE-2006-6276 1 Sun 4 Java System Application Server, Java System Web Proxy Server, Java System Web Server and 1 more 2026-04-23 N/A
HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.
CVE-2009-2723 2 Redhat, Sun 2 Rhel Extras, Java Se 2026-04-23 N/A
Unspecified vulnerability in deserialization in the Provider class in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, aka BugId 6444262.
CVE-2008-0239 1 Sun 1 Java System Identity Manager 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp.
CVE-2009-3867 3 Microsoft, Redhat, Sun 9 Windows, Network Satellite, Rhel Extras and 6 more 2026-04-23 N/A
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.
CVE-2007-2904 1 Sun 1 Java System Messaging Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653.