CVSS: 6.5EPSS: 3%CPEs: 2EXPL: 2CVE-2009-1873 – Adobe JRun 4 - 'logfile' (Authenticated) Directory Traversal
https://notcve.org/view.php?id=CVE-2009-1873
18 Aug 2009 — Directory traversal vulnerability in logging/logviewer.jsp in the Management Console in Adobe JRun Application Server 4 Updater 7 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the logfile parameter. Vulnerabilidad de salto de directorio en logging/logviewer.jsp en la consola de administración en Adobe JRun Application Server 4 Updater 7 permite a usuarios remotos autenticados leer ficheros de forma arbitraria a través de .. (punto punto) en el parámetro "logfile". • https://www.exploit-db.com/exploits/9443 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 1CVE-2009-1874
https://notcve.org/view.php?id=CVE-2009-1874
18 Aug 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Adobe JRun 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos (XSS) en Management Console en Adobe JRun v4.0 permite a atacantes remotos inyectar script web o HTML a su elección a través de vectores no especificados. • http://osvdb.org/57187 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0CVE-2007-1278
https://notcve.org/view.php?id=CVE-2007-1278
16 Mar 2007 — Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root. Vulnerabilidad no especificada en el conector IIS en Adobe JRun 4.0 Updater 6, y ColdFusion MX 6.1 y 7.0 Enterprise, cuando se utiliza Microsoft IIS 6, permite a atacantes remotos provocar denegación de servicio a través de vectores n... • http://osvdb.org/34039 •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2006-5860
https://notcve.org/view.php?id=CVE-2006-5860
14 Feb 2007 — Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la consola de administración de Adobe JRun 4.0, como el usado en ColdFusion, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores desconocidos. • http://osvdb.org/32122 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 10%CPEs: 3EXPL: 0CVE-2006-5858
https://notcve.org/view.php?id=CVE-2006-5858
31 Dec 2006 — Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file. Adobe ColdFusion MX 7 hasta 7.0.2, y JRun 4, cuando se ejecuta en Microsoft IIS, permite a atacantes remotos leer archivos de su elección, listar directorios, o leer código fuente mediante un byte nulo (NULL) con doble codificación URL en un nombre de archivo ColdFusi... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=466 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 5%CPEs: 4EXPL: 0CVE-2005-4472
https://notcve.org/view.php?id=CVE-2005-4472
22 Dec 2005 — Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request that is not properly handled during conversion to wide characters. • http://secunia.com/advisories/18077 •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0CVE-2005-4473
https://notcve.org/view.php?id=CVE-2005-4473
22 Dec 2005 — Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows remote attackers to view web application source code via "a malformed URL." • http://secunia.com/advisories/18077 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2005-2306
https://notcve.org/view.php?id=CVE-2005-2306
19 Jul 2005 — Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users. "Race condition" en Macromedia JRun 4.0, ColdFusion MX 6.1 y 7.0 cuando están bajo carga pesada, provocan que JRun asigne una autentifcación duplicada a sesiones múltiples, lo que podría permitir que usuarios autentificados obtengan privilegios como otros usuarios. • http://secunia.com/advisories/16081 •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2004-2182
https://notcve.org/view.php?id=CVE-2004-2182
31 Dec 2004 — Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server. • http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html • CWE-287: Improper Authentication •
CVSS: 8.1EPSS: 1%CPEs: 12EXPL: 0CVE-2004-1478
https://notcve.org/view.php?id=CVE-2004-1478
31 Dec 2004 — JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session. • http://marc.info/?l=bugtraq&m=109621995623823&w=2 •