Export limit exceeded: 10174 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (221 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0348 | 1 Sun | 1 Java System Access Manager | 2026-04-23 | N/A |
| The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | ||||
| CVE-2008-0241 | 1 Sun | 1 Java System Identity Manager | 2026-04-23 | N/A |
| Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter. | ||||
| CVE-2008-1204 | 1 Sun | 1 Java System Access Manager | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows. | ||||
| CVE-2008-1995 | 1 Sun | 1 Java System Directory Server | 2026-04-23 | N/A |
| Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the server. | ||||
| CVE-2008-2166 | 1 Sun | 1 Java System Web Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the search module in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unknown parameters in index.jsp. | ||||
| CVE-2008-2402 | 1 Sun | 1 Java Asp Server | 2026-04-23 | N/A |
| The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents. | ||||
| CVE-2008-2405 | 1 Sun | 1 Java Active Server Pages | 2026-04-23 | N/A |
| Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications. | ||||
| CVE-2008-2406 | 1 Sun | 1 Java Asp Server | 2026-04-23 | N/A |
| The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102. | ||||
| CVE-2008-2518 | 1 Sun | 1 Java System Web Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the advanced search mechanism (webapps/search/advanced.jsp) in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the next parameter. | ||||
| CVE-2008-2945 | 1 Sun | 2 Java System Access Manager, Java System Identity Server | 2026-04-23 | N/A |
| Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289. | ||||
| CVE-2007-6059 | 1 Sun | 1 Javamail | 2026-04-23 | N/A |
| Javamail does not properly handle a series of invalid login attempts in which the same e-mail address is entered as username and password, and the domain portion of this address yields a Java UnknownHostException error, which allows remote attackers to cause a denial of service (connection pool exhaustion) via a large number of requests, resulting in a SQLNestedException. NOTE: Sun disputes this issue, stating "The report makes references to source code and files that do not exist in the mentioned products. | ||||
| CVE-2007-1419 | 1 Sun | 1 Java Dynamic Management Kit | 2026-04-23 | N/A |
| The Java Management Extensions Remote API Remote Method Invocation over Internet Inter-ORB Protocol (JMX RMI-IIOP) API in Java Dynamic Management Kit 5.1 before 20070309 does not properly enforce the java.policy, which allows local users to obtain certain MBeans data access by operating a server application accessed by a privileged remote authenticated user. | ||||
| CVE-2008-3683 | 1 Sun | 1 Java System Web Proxy Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.5 before SP6 allows remote attackers to cause a denial of service (failure to accept connections) via unknown vectors, probably related to exhaustion of file descriptors. | ||||
| CVE-2008-2401 | 1 Sun | 1 Java Active Server | 2026-04-23 | N/A |
| The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to append to arbitrary new or existing files via the first argument to a certain file that is included by multiple unspecified ASP applications. | ||||
| CVE-2008-4541 | 1 Sun | 1 Java System Web Proxy Server | 2026-04-23 | N/A |
| Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. | ||||
| CVE-2008-2404 | 1 Sun | 1 Java Asp Server | 2026-04-23 | N/A |
| Stack-based buffer overflow in the request handling implementation in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary code via an unspecified string field. | ||||
| CVE-2008-4910 | 1 Sun | 1 Java Web Start | 2026-04-23 | N/A |
| The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method. | ||||
| CVE-2008-5098 | 1 Sun | 1 Java System Messaging Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-2904. | ||||
| CVE-2008-5117 | 1 Sun | 1 Java System Identity Manager | 2026-04-23 | N/A |
| Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2009-1084 | 1 Sun | 1 Java System Identity Manager | 2026-04-23 | N/A |
| Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not properly restrict access to the System Configuration object, which allows remote authenticated administrators and possibly remote attackers to have an unspecified impact by modifying this object. | ||||