Vulnerabilities > SUN
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-06-05 | CVE-2009-1934 | Cross-Site Scripting vulnerability in SUN Java System Web Server and ONE Web Server: Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error. | 4.3 |
2009-06-05 | CVE-2009-1933 | Credentials Management vulnerability in SUN OpenSolaris and Solaris: Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_117, does not properly manage credential caches, which allows local users to access Kerberized NFS mount points and Kerberized NFS shares via unspecified vectors. | 4.7 |
2009-06-02 | CVE-2004-2764 | Permissions, Privileges, and Access Controls vulnerability in SUN JRE and SDK: Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, aka "XML sniffing." | 10.0 |
2009-06-01 | CVE-2004-2763 | Configuration vulnerability in SUN iPlanet Web Server and ONE Web Server: The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. | 5.8 |
2009-06-01 | CVE-2003-1573 | SQL Injection vulnerability in SUN J2EE 1.4: The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages." | 10.0 |
2009-06-01 | CVE-2003-1572 | Unspecified vulnerability in SUN JMF: Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields. | 9.3 |
2009-05-26 | CVE-2009-1796 | Cross-Site Scripting vulnerability in SUN Java System Portal Server 6.3.1/7.1/7.2: Cross-site scripting (XSS) vulnerability in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to an error page. | 4.3 |
2009-05-26 | CVE-2008-3870 | Numeric Errors vulnerability in SUN Solaris 8.0/9.0: Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation. | 10.0 |
2009-05-26 | CVE-2008-3869 | Buffer Errors vulnerability in SUN Solaris 8.0/9.0: Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters. | 10.0 |
2009-05-22 | CVE-2009-1763 | Local Code Execution vulnerability in Sun Solaris Secure Digital Slot Driver (sdhost(7D)): Unspecified vulnerability in the Solaris Secure Digital slot driver (aka sdhost) in Sun OpenSolaris snv_105 through snv_108 on the x86 platform allows local users to gain privileges or cause a denial of service (filesystem or memory corruption) via unknown vectors. | 7.2 |