Sun Iplanet Messaging Server vulnerabilities

5 known vulnerabilities affecting sun/iplanet_messaging_server.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM4LOW1

Vulnerabilities

Page 1 of 1
CVE-2004-2765MEDIUMCVSS 4.3v5.22010-01-28
CVE-2004-2765 [MEDIUM] CWE-79 CVE-2004-2765: Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Mess Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than CVE-2005-2022 and CVE-2006-5486.
nvd
CVE-2004-2766MEDIUMCVSS 4.3v5.22010-01-28
CVE-2004-2766 [MEDIUM] CWE-200 CVE-2004-2766: Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows rem Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified "access" to e-mail via a crafted e-mail message, related to a "session hijacking" issue, a different vulnerability than CVE-2005-2022 and CVE-2006-5486.
nvd
CVE-2006-5486MEDIUMCVSS 4.3v5.22006-10-24
CVE-2006-5486 [MEDIUM] CWE-79 CVE-2006-5486: Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via crafted messages.
nvd
CVE-2006-3159LOWCVSS 2.1v5.22006-06-22
CVE-2006-3159 [LOW] CVE-2006-3159: pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local use pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message.
nvd
CVE-2005-2022MEDIUMCVSS 4.3v5.22005-06-17
CVE-2005-2022 [MEDIUM] CWE-79 CVE-2005-2022: Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Serve Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability.
nvd