Vulnerabilities > SUN

DATE CVE VULNERABILITY TITLE RISK
2010-02-05 CVE-2003-1579 Numeric Errors vulnerability in SUN ONE Web Server 6.0
Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
4.3
2010-02-05 CVE-2003-1578 Unspecified vulnerability in SUN ONE Web Server 4.1/6.0
Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning with a "format=" substring, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
network
sun
4.3
2010-02-05 CVE-2003-1577 Cross-Site Scripting vulnerability in SUN ONE Web Server 4.1/6.0
Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via an HTTP request in conjunction with a crafted DNS response, related to an "Inverse Lookup Log Corruption (ILLC)" issue, a different vulnerability than CVE-2002-1315 and CVE-2002-1316.
network
high complexity
sun CWE-79
2.6
2010-02-03 CVE-2010-0453 Improper Input Validation vulnerability in SUN OpenSolaris and Solaris
The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and OpenSolaris snv_69 through snv_133, when running on x86 architectures, allows local users to cause a denial of service (panic) via a request with a 0 size value to the UCODE_GET_VERSION IOCTL, which triggers a NULL pointer dereference in the ucode_get_rev function, related to retrieval of the microcode revision.
local
low complexity
sun CWE-20
4.9
2010-01-28 CVE-2005-4885 Remote Security vulnerability in StorEdge 6130 Array
Unspecified vulnerability on certain Sun StorEdge 6130 (SE6130) Controller Arrays allows remote attackers to delete data via unknown vectors.
network
low complexity
sun
7.5
2010-01-28 CVE-2004-2766 Information Exposure vulnerability in SUN iPlanet Messaging Server and ONE Messaging Server
Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified "access" to e-mail via a crafted e-mail message, related to a "session hijacking" issue, a different vulnerability than CVE-2005-2022 and CVE-2006-5486.
network
sun redhat CWE-200
4.3
2010-01-28 CVE-2004-2765 Cross-Site Scripting vulnerability in SUN iPlanet Messaging Server and ONE Messaging Server
Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than CVE-2005-2022 and CVE-2006-5486.
network
sun redhat CWE-79
4.3
2010-01-28 CVE-2003-1576 Buffer Errors vulnerability in SUN Change Manager 1.0
Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Management Center (SunMC) 3.0 on Solaris 8 and 9 on the sparc platform allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
sun CWE-119
critical
10.0
2010-01-28 CVE-2003-1575 Permissions, Privileges, and Access Controls vulnerability in Symantec VxFS 3.3.3/3.4/3.5
VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissions by accessing a file on a VxFS filesystem.
local
low complexity
symantec sun CWE-264
4.6
2010-01-25 CVE-2010-0389 Unspecified vulnerability in SUN Java System Web Server 7.0
The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token.
network
low complexity
sun
5.0