Vulnerabilities > SUN

DATE CVE VULNERABILITY TITLE RISK
2008-06-16 CVE-2008-2705 Improper Authentication vulnerability in SUN Java System Access Manager 7.1
Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors.
network | sun CWE-287 | critical | 9.3

2008-06-12 CVE-2008-2674 Arbitrary File Access vulnerability in Fujitsu Interstage Management Console
Unspecified vulnerability in the Interstage Management Console, as used in Fujitsu Interstage Application Server 6.0 through 9.0.0A, Apworks Modelers-J 6.0 through 7.0, and Studio 8.0.1 and 9.0.0, allows remote attackers to read or delete arbitrary files via unspecified vectors.
network | low complexity | redhat fujitsu sun microsoft | 6.4

2008-06-10 CVE-2008-0960 Improper Authentication vulnerability in Juniper Session and Resource Control and SRC PE
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.
network | low complexity | cisco ecos-sourceware net-snmp sun ingate juniper CWE-287 | critical | 10.0

2008-06-05 CVE-2008-2552 Resource Management Errors vulnerability in SUN Service TAG
Unspecified vulnerability in the Service Tag Registry on Sun Solaris 10, and Sun Service Tag before 1.1.3, allows local users to cause a denial of service (disk consumption) via unspecified vectors.
local | low complexity | sun CWE-399 | 4.9

2008-06-04 CVE-2008-2406 Improper Authentication vulnerability in SUN Java ASP Server 4.0
The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102.
network | low complexity | sun CWE-287 | 7.5

2008-06-04 CVE-2008-2405 Improper Input Validation vulnerability in SUN Java Active Server Pages 4.0.0/4.0.1
Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications.
network | low complexity | sun CWE-20 | 7.5

2008-06-04 CVE-2008-2404 Buffer Errors vulnerability in SUN Java ASP Server 4.0
Stack-based buffer overflow in the request handling implementation in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary code via an unspecified string field.
network | low complexity | sun CWE-119 | critical | 10.0

2008-06-04 CVE-2008-2403 Path Traversal vulnerability in SUN Java ASP Server 4.0/4.0.1
Multiple directory traversal vulnerabilities in unspecified ASP applications in Sun Java Active Server Pages (ASP) Server before 4.0.3 allow remote attackers to read or delete arbitrary files via a ..
network | low complexity | sun CWE-22 | critical | 10.0

2008-06-04 CVE-2008-2402 Permissions, Privileges, and Access Controls vulnerability in SUN Java ASP Server 4.0
The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents.
network | low complexity | sun CWE-264 | 5.0

2008-06-04 CVE-2008-2401 Improper Input Validation vulnerability in SUN Java Active Server 4.0.2
The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to append to arbitrary new or existing files via the first argument to a certain file that is included by multiple unspecified ASP applications.
network | low complexity | sun CWE-20 | 7.5