Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sun java vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-0240
/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote malicious users to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection."
Sun Java System Identity Manager 7.1
Sun Java System Identity Manager 6.0
Sun Java System Identity Manager 7.0
1 EDB exploit
NA
CVE-2008-0241
Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter.
Sun Java System Identity Manager 6.0
Sun Java System Identity Manager 7.0
Sun Java System Identity Manager 7.1
NA
CVE-2008-1995
Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote malicious users to bypass intended access restrictions for the server.
Sun Java System Directory Server 6.2
Sun Java System Directory Server 6.0
Sun Java System Directory Server 6.1
NA
CVE-2009-0348
The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote malicious users to enumerate valid usernames.
Sun Java System Access Manager 7 2005q4
Sun Java System Access Manager 7.1
Sun Java System Access Manager 6.3 2005q1
1 EDB exploit
NA
CVE-2008-5114
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 up to and including 6.0 SP4, 7.0, and 7.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Sun Java System Identity Manager 6.0
Sun Java System Identity Manager 7.0
Sun Java System Identity Manager 7.1
NA
CVE-2008-5116
Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 up to and including 6.0 SP4, 7.0, and 7.1 allows remote malicious users to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ex...
Sun Java System Identity Manager 6.0
Sun Java System Identity Manager 7.0
Sun Java System Identity Manager 7.1
NA
CVE-2008-5117
Open redirect vulnerability in Sun Java System Identity Manager 6.0 up to and including 6.0 SP4, 7.0, and 7.1 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Sun Java System Identity Manager 6.0
Sun Java System Identity Manager 7.0
Sun Java System Identity Manager 7.1
NA
CVE-2008-5118
Sun Java System Identity Manager 6.0 up to and including 6.0 SP4, 7.0, and 7.1 allows remote malicious users to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "frame injection."
Sun Java System Identity Manager 6.0
Sun Java System Identity Manager 7.1
Sun Java System Identity Manager 7.0
NA
CVE-2009-1357
CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 up to and including 6.4 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELP_PAGE parameter.
Sun Java System Delegated Administrator 6.2
Sun Java System Delegated Administrator 6.3
Sun Java System Delegated Administrator 6.4
1 EDB exploit
NA
CVE-2009-0170
Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the console.
Sun Java System Access Manager 7.1
Sun Java System Access Manager 7.0 2005q4
Sun Java System Access Manager 6.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »