Vulnerabilities > CVE-2006-4958 - Unspecified vulnerability in SUN Secure Global Desktop 3.42/4.0
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN sun
nessus
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.20.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi. NOTE: This information is based upon a vague initial disclosure. Details will be updated as they become available.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Nessus
NASL family | CGI abuses : XSS |
NASL id | SGD_4_2_983.NASL |
description | Sun Secure Global Desktop or Tarantella, a Java-based program for web-enabling applications running on a variety of platforms, is installed on the remote web server. According to the version reported in one of its scripts, the installation of the software on the remote host fails to sanitize user-supplied input to several unspecified parameters before using it to generate dynamic web content. An unauthenticated, remote attacker may be able to leverage these issues to inject arbitrary HTML and script code into a user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22495 |
published | 2006-10-03 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22495 |
title | Sun Secure Global Desktop / Tarantella < 4.20.983 Multiple XSS |
code |
|
References
- http://secunia.com/advisories/22037
- http://secunia.com/advisories/22037
- http://securityreason.com/securityalert/1623
- http://securityreason.com/securityalert/1623
- http://securitytracker.com/id?1016900
- http://securitytracker.com/id?1016900
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102650-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102650-1
- http://support.avaya.com/elmodocs2/security/ASA-2006-235.htm
- http://support.avaya.com/elmodocs2/security/ASA-2006-235.htm
- http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2555
- http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2555
- http://www.securityfocus.com/archive/1/446566/100/0/threaded
- http://www.securityfocus.com/archive/1/446566/100/0/threaded
- http://www.securityfocus.com/bid/20135
- http://www.securityfocus.com/bid/20135
- http://www.securityfocus.com/bid/20276
- http://www.securityfocus.com/bid/20276
- http://www.vupen.com/english/advisories/2006/3739
- http://www.vupen.com/english/advisories/2006/3739
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29070
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29070
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29303
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29303