importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remo...

iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provide...

The Web Publishing feature in Netscape Enterprise Server 3.x and iPlanet Web Server 4.x allows remote attackers to cause a denial of service (crash) via a wp-html-rend request.

Directory traversal vulnerability in ViewLog for iPlanet Administration Server 5.1 (aka Sun ONE) allows remote attackers to read arbitrary files via "..%2f" (partially encoded dot dot) sequences.

Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scriptin...

Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via cra...

Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) functi...

Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. NOTE: The provenance of ...

Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP ...

Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject...

Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified "access" to e-mail via a crafted e-mail message, related to a "s...

Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and cond...

Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functi...

Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP ad...

Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 before SP13 and 6.0 before SP6 on Windows allows attackers to cause a denial of service (daemon crash) via unknown vectors.

Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 through SP5 on Windows allows remote attackers to cause a denial of service (daemon crash) via unknown vectors.

Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0u8 allows remote authenticated users to affect confidentiality, relate...

Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 6.1 and 7.0 allows remote attackers to affect integrity via unknown vecto...

Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect integrity and availability via unkn...

Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via u...