Vulnerabilities > SUN > Solaris > 9.0

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2010-01-28 | CVE-2004-2766 | Information Exposure vulnerability in SUN Iplanet Messaging Server and ONE Messaging Server | Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified "access" to e-mail via a crafted e-mail message, related to a "session hijacking" issue, a different vulnerability than CVE-2005-2022 and CVE-2006-5486. | network | sun, redhat | CWE-200 | 4.3 |
| 2010-01-28 | CVE-2004-2765 | Cross-Site Scripting vulnerability in SUN Iplanet Messaging Server and ONE Messaging Server | Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than CVE-2005-2022 and CVE-2006-5486. | network | sun, redhat | CWE-79 | 4.3 |
| 2010-01-28 | CVE-2003-1576 | Buffer Errors vulnerability in SUN Change Manager 1.0 | Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Management Center (SunMC) 3.0 on Solaris 8 and 9 on the sparc platform allows remote attackers to execute arbitrary code via unspecified vectors. | network, low complexity | sun | CWE-119 | critical 10.0 |
| 2010-01-28 | CVE-2003-1575 | Permissions, Privileges, and Access Controls vulnerability in Symantec Vxfs 3.3.3/3.4/3.5 | VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissions by accessing a file on a VxFS filesystem. | local, low complexity | symantec, sun | CWE-264 | 4.6 |
| 2009-08-07 | CVE-2009-2711 | Information Exposure vulnerability in multiple products | XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when the Xorg or Xnewt server is used, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276. | local, low complexity | sun, x-org | CWE-200 | 4.9 |
| 2009-07-29 | CVE-2009-2644 | Race Condition vulnerability in SUN Opensolaris and Solaris | Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to "pathnames for invalid fds." | local, low complexity | sun | CWE-362 | 4.9 |
| 2009-07-05 | CVE-2009-2314 | Race Condition vulnerability in SUN Lightweight Availability Collection Tool 3.0 | Race condition in the Sun Lightweight Availability Collection Tool 3.0 on Solaris 7 through 10 allows local users to overwrite arbitrary files via unspecified vectors. | local, low complexity | sun | CWE-362 | 2.1 |
| 2009-06-11 | CVE-2009-2029 | Remote Denial Of Service vulnerability in SUN Opensolaris and Solaris | Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified vectors related to NIS+ callbacks. | network, low complexity | sun | | 5.0 |
| 2009-05-26 | CVE-2008-3870 | Numeric Errors vulnerability in SUN Solaris 8.0/9.0 | Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation. | network, low complexity | sun | CWE-189 | critical 10.0 |
| 2009-05-26 | CVE-2008-3869 | Buffer Errors vulnerability in SUN Solaris 8.0/9.0 | Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters. | network, low complexity | sun | CWE-119 | critical 10.0 |