|
270901
|
- |
|
sun
|
java_system_identity_manager
|
The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote aut…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-1077
|
2009-10-6 13:00 |
2009-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270902
|
- |
|
sun
|
java_system_identity_manager
|
Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the expected privilege requirements for (1) deleting audit policies and (2) modifying workflows, which allows remote authentica…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-1078
|
2009-10-6 13:00 |
2009-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270903
|
- |
|
sun
|
java_system_identity_manager
|
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, ak…
|
CWE-79
Cross-site Scripting
|
CVE-2009-1079
|
2009-10-6 13:00 |
2009-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270904
|
- |
|
sun
|
java_system_identity_manager
|
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, ak…
|
CWE-79
Cross-site Scripting
|
CVE-2009-1080
|
2009-10-6 13:00 |
2009-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270905
|
- |
|
sun
|
java_system_identity_manager
|
Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX, Solaris, and HP-UX permits "control characters" in the passwords of user accounts, which allows remote attackers to execute arbit…
|
CWE-94
Code Injection
|
CVE-2009-1083
|
2009-10-6 13:00 |
2009-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270906
|
- |
|
juniper
|
junos
|
Cross-site scripting (XSS) vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default U…
|
CWE-79
Cross-site Scripting
|
CVE-2009-3485
|
2009-10-5 13:00 |
2009-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270907
|
- |
|
juniper
|
junos
|
Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to …
|
CWE-79
Cross-site Scripting
|
CVE-2009-3486
|
2009-10-5 13:00 |
2009-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270908
|
- |
|
allisclear
|
clear_content
|
Directory traversal vulnerability in thumb.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the provenance of this information …
|
CWE-22
Path Traversal
|
CVE-2009-3538
|
2009-10-5 13:00 |
2009-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270909
|
- |
|
yourfreeworld
|
ultra_classifieds_pro
|
Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Ultra Classifieds Pro allow remote attackers to inject arbitrary web script or HTML via the (1) cname parameter to subclass.php an…
|
CWE-79
Cross-site Scripting
|
CVE-2009-3539
|
2009-10-5 13:00 |
2009-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270910
|
- |
|
yourfreeworld
|
ultra_classifieds_pro
|
Cross-site scripting (XSS) vulnerability in listads.php in YourFreeWorld Ultra Classifieds Pro allows remote attackers to inject arbitrary web script or HTML via the cn parameter. NOTE: the provenan…
|
CWE-79
Cross-site Scripting
|
CVE-2009-3540
|
2009-10-5 13:00 |
2009-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
