Vulnerabilities > SUN
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-06-30 | CVE-2006-2199 | Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents. | 7.6 |
2006-06-30 | CVE-2006-2198 | Permissions, Privileges, and Access Controls vulnerability in multiple products OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. | 7.6 |
2006-06-26 | CVE-2006-3225 | Cross-Site Scripting vulnerability in SUN products Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors. | 2.6 |
2006-06-22 | CVE-2006-3159 | Local Information Disclosure vulnerability in SUN Iplanet Messaging Server and ONE Messaging Server pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message. | 2.1 |
2006-06-21 | CVE-2006-3127 | Resource Management Errors vulnerability in SUN products Memory leak in Network Security Services (NSS) 3.11, as used in Sun Java Enterprise System 2003Q4 through 2005Q1 and Java System Directory Server 5.2, allows remote attackers to cause a denial of service (memory consumption) by performing a large number of RSA cryptographic operations. | 7.8 |
2006-06-09 | CVE-2006-2930 | Local Security vulnerability in Grid Engine Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid Engine 6.0, when configured in Certificate Security Protocol (CSP) Mode, allows local users to shut down the grid service or gain access, even if access is denied. | 4.6 |
2006-06-02 | CVE-2006-2790 | Local Privilege Escalation vulnerability in SUN Storage Automated Diagnostic Environment 2.4 A package component in Sun Storage Automated Diagnostic Environment (StorADE) 2.4 uses world-writable permissions for certain critical files and directories, which allows local users to gain privileges. | 7.2 |
2006-05-26 | CVE-2006-2614 | Local Password Disclosure vulnerability in SUN N1 System Manager 1.1 Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 records system passwords in the world-readable scripts (1) /cr/hd_jobs_db.sh, (2) /cr/hd_plan_checkin.sh, and (3) /cr/oracle_plan_checkin.sh, which allows local users to obtain System Manager passwords. | 4.6 |
2006-05-22 | CVE-2006-2513 | Authentication Bypass vulnerability in SUN Java System Directory Server 5.2 Unspecified vulnerability in the installation process in Sun Java System Directory Server 5.2 causes wrong user data to be written to a file created by the installation, which allows remote attackers or local users to gain privileges. | 7.5 |
2006-05-20 | CVE-2006-2501 | Cross-Site Scripting vulnerability in Sun ONE and Sun Java System Applications Error Page Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages. network sun | 6.8 |