Search Results (221 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0114 1 Sun 1 Java System Content Delivery Server 2026-04-23 N/A
Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote attackers to obtain sensitive information regarding "content details" via unspecified vectors.
CVE-2007-5019 1 Sun 3 Java Web Start, Jre, Sdk 2026-04-23 N/A
Buffer overflow in the Sun Java Web Start ActiveX control in Java Runtime Environment (JRE) 1.6.0_X allows remote attackers to have an unknown impact via a long argument to the dnsResolve (isInstalled.dnsResolve) method.
CVE-2007-0628 1 Sun 1 Java System Access Manager 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-5152 1 Sun 2 Java System Access Manager, Java System Application Server 2026-04-23 N/A
Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks.
CVE-2007-5153 1 Sun 2 Java System Access Manager, Java System Application Server 2026-04-23 N/A
Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2008-0240 1 Sun 1 Java System Identity Manager 2026-04-23 N/A
/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection."
CVE-2008-0241 1 Sun 1 Java System Identity Manager 2026-04-23 N/A
Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter.
CVE-2007-1419 1 Sun 1 Java Dynamic Management Kit 2026-04-23 N/A
The Java Management Extensions Remote API Remote Method Invocation over Internet Inter-ORB Protocol (JMX RMI-IIOP) API in Java Dynamic Management Kit 5.1 before 20070309 does not properly enforce the java.policy, which allows local users to obtain certain MBeans data access by operating a server application accessed by a privileged remote authenticated user.
CVE-2007-1526 1 Sun 1 Java System Web Server 2026-04-23 N/A
Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via unspecified vectors.
CVE-2007-2435 2 Redhat, Sun 5 Network Satellite, Rhel Extras, Java Enterprise System and 2 more 2026-04-23 N/A
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.
CVE-2007-2466 1 Sun 2 Java System Directory Server, One Directory Server 2026-04-23 N/A
Unspecified vulnerability in the LDAP Software Development Kit (SDK) for C, as used in Sun Java System Directory Server 5.2 up to Patch 4 and Sun ONE Directory Server 5.1, allows remote attackers to cause a denial of service (crash) via certain BER encodings.
CVE-2006-4175 1 Sun 2 Java System Directory Server, One Directory Server 2026-04-23 N/A
The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service (crash) via malformed queries, probably malformed BER queries, which trigger a free of uninitialized memory locations.
CVE-2007-3225 1 Sun 1 Java System Directory Server 2026-04-23 N/A
Unspecified vulnerability in Sun Java System Directory Server (slapd) 6.0, and 5.2 with Patch 3 or 4, allows remote attackers to modify certain data via unknown vectors.
CVE-2008-6192 1 Sun 1 Java System Portal Server 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in unspecified Portlets in Sun Java System Portal Server 7.0 and 7.1 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2008-1204 1 Sun 1 Java System Access Manager 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows.
CVE-2008-1286 2 Linux, Sun 3 Linux Kernel, Java Web Console, Solaris 2026-04-23 N/A
Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors.
CVE-2008-1995 1 Sun 1 Java System Directory Server 2026-04-23 N/A
Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the server.
CVE-2008-2120 1 Sun 2 Java System Application Server, Java System Web Server 2026-04-23 N/A
Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors.
CVE-2008-2166 1 Sun 1 Java System Web Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the search module in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unknown parameters in index.jsp.
CVE-2009-0576 1 Sun 1 Java System Directory Server 2026-04-23 N/A
Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 and earlier, and Enterprise Edition 5, allows remote attackers to cause a denial of service (daemon crash) via crafted LDAP requests.