SCS team

5 exploits, active since Apr 2009
CVE-2009-1219 EXPLOITDB text WRITEUP
Sun Java System Calendar Server 6 2004Q2-6.3-7.01 - Denial of Service via tzid Parameter
Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid parameter.
CVE-2009-1218 EXPLOITDB text WORKING POC
Sun Java System Calendar Server 6 2004Q2-6.3-7.01 - Cross-Site Scripting via login.wcap fmt-out Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml.
CVE-2009-1729 EXPLOITDB text WORKING POC
Sun Java System Communications Express 6.2-6.3 XSS via abperson_displayName or temporaryCalendars
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain.
CVE-2009-1729 EXPLOITDB text WRITEUP
Sun Java System Communications Express 6.2-6.3 XSS via abperson_displayName or temporaryCalendars
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain.
CVE-2009-1357 EXPLOITDB text WORKING POC
Sun Java System Delegated Administrator 6.2-6.4 - HTTP Response Splitting via HELP_PAGE Parameter
CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELP_PAGE parameter.