Vulnerabilities > SUN

DATE CVE VULNERABILITY TITLE RISK

2008-12-05 CVE-2008-2086 Code Injection vulnerability in SUN Jdk, JRE and SDK
Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion" and CR 6694892.
network | sun CWE-94 | critical | 9.3

2008-11-28 CVE-2008-5266 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751.
network | sun oracle CWE-79 | 4.3

2008-11-18 CVE-2008-5133 Permissions, Privileges, and Access Controls vulnerability in SUN Opensolaris and Solaris
ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when the destination port is the DNS port, which allows remote attackers to bypass an intended CVE-2008-1447 protection mechanism and spoof the responses to DNS queries sent by named.
network | sun CWE-264 | 5.8

2008-11-18 CVE-2008-5118 Multiple vulnerability in SUN Java System Identity Manager 6.0/7.0/7.1
Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "frame injection."
network | sun | 4.3

2008-11-18 CVE-2008-5117 Improper Input Validation vulnerability in SUN Java System Identity Manager 6.0/7.0/7.1
Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network | low complexity | sun CWE-20 | 6.4

2008-11-18 CVE-2008-5116 Path Traversal vulnerability in SUN Java System Identity Manager 6.0/7.0/7.1
Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ext parameter.
network | low complexity | sun CWE-22 | 7.8

2008-11-18 CVE-2008-5115 Cross-Site Request Forgery (CSRF) vulnerability in SUN Java System Identity Manager 6.0/7.0/7.1
Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp.
network | sun CWE-352 | 6.8

2008-11-18 CVE-2008-5114 Cross-Site Scripting vulnerability in SUN Java System Identity Manager 6.0/7.0/7.1
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network | sun CWE-79 | 4.3

2008-11-17 CVE-2008-5111 Local Denial Of Service vulnerability in SUN Opensolaris and Solaris
Unspecified vulnerability in the socket function in Sun Solaris 10 and OpenSolaris snv_57 through snv_91, when InfiniBand hardware is not installed, allows local users to cause a denial of service (panic) via unknown vectors, related to the socksdpv_close function.
local | sun | 4.7

2008-11-17 CVE-2008-5099 Information Exposure vulnerability in SUN Logical Domain Manager
Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0.3 displays the value of the OpenBoot PROM (OBP) security-password variable in cleartext, which allows local users to bypass the SPARC firmware's password protection, and gain privileges or obtain data access, via the "ldm ls -l" command, a different vulnerability than CVE-2008-4992.
local | low complexity | sun CWE-200 | 4.6