Vulnerabilities > SUN

DATE CVE VULNERABILITY TITLE RISK
2007-12-28 CVE-2007-6571 Cross-Site Scripting vulnerability in SUN products
Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356.
network
sun CWE-79
4.3
2007-12-28 CVE-2007-6570 Cross-Site Scripting vulnerability in SUN products
Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309.
network
sun CWE-79
4.3
2007-12-28 CVE-2007-6569 Cross-Site Scripting vulnerability in SUN products
Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246.
network
sun CWE-79
4.3
2007-12-20 CVE-2007-6505 Configuration vulnerability in SUN Solaris 9
Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities.
network
sun CWE-16
3.5
2007-12-20 CVE-2007-6482 Multiple vulnerability in Sun Ray Device Manager Daemon
Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
network
low complexity
sun linux
7.8
2007-12-20 CVE-2007-6481 Multiple vulnerability in Sun Ray Device Manager Daemon
Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to create or delete arbitrary directories via unspecified vectors.
network
low complexity
sun
6.4
2007-12-20 CVE-2007-6480 Unspecified vulnerability in SUN Management Center 3.5 Update 1/3.6/3.6.1
The Oracle database component in Sun Management Center (Sun MC) 3.6.1, 3.6, and 3.5 Update 1 has a default account, which allows remote attackers to obtain database access and execute arbitrary code.
network
low complexity
sun
critical
9.4
2007-12-17 CVE-2007-6413 Permissions, Privileges, and Access Controls vulnerability in SUN Solaris 10
Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120011-* and 120012-* patches, allows remote attackers to bypass certain netgroup restrictions and obtain root access to a filesystem via NFS requests from a client root user.
network
sun CWE-264
critical
9.3
2007-12-15 CVE-2007-6360 Denial Of Service vulnerability in Sun SPARC XSCF Control Package (XCP) Firmware
Unspecified vulnerability in the Sun eXtended System Control Facility (XSCF) Control Package (XCP) firmware before 1050 on SPARC Enterprise M4000, M5000, M8000, and M9000 servers allows remote attackers to cause a denial of service (reboot) via (1) telnet, (2) ssh, or (3) http network traffic that triggers memory exhaustion.
network
low complexity
sun
7.8
2007-12-04 CVE-2007-6232 Cross-Site Scripting vulnerability in FTP Admin 0.1.0
Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.
4.3