CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2002-1310
https://notcve.org/view.php?id=CVE-2002-1310
Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary via an HTTP GET request with a long .jsp file name. Desbordamiento de búfer basado en el montón (heap) en el mecanismo de manejo de errores en el manejador de IIS ISAPI en Macromedia JRun 4.0 y anteriores permite a atacantes remotos ejecutar código arbitrario mediante una peticón HTTP GET con un nombre de fichero .jsp largo. • http://archives.neohapsis.com/archives/bugtraq/2002-11/0149.html http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0080.html http://marc.info/?l=bugtraq&r=1&b=200211&w=2 http://www.eeye.com/html/Research/Advisories/AD20021112.html http://www.securityfocus.com/bid/6122 https://exchange.xforce.ibmcloud.com/vulnerabilities/10568 •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 2CVE-2001-1510
https://notcve.org/view.php?id=CVE-2001-1510
Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL. • http://online.securityfocus.com/archive/1/242843/2002-07-27/2002-08-02/2 http://online.securityfocus.com/archive/1/243203 http://www.iss.net/security_center/static/7623.php http://www.macromedia.com/v1/handlers/index.cfm?ID=22262&Method=Full http://www.securityfocus.com/archive/1/243636 http://www.securityfocus.com/bid/3592 •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2001-1544
https://notcve.org/view.php?id=CVE-2001-1544
Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request. • http://www.iss.net/security_center/static/7678.php http://www.macromedia.com/v1/handlers/index.cfm?ID=22290&Method=Full http://www.securityfocus.com/bid/3666 •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2001-0926
https://notcve.org/view.php?id=CVE-2001-0926
SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an #include statement. • http://marc.info/?l=bugtraq&m=100697797325013&w=2 http://www.macromedia.com/v1/handlers/index.cfm?ID=22261&Method=Full http://www.securityfocus.com/bid/3589 https://exchange.xforce.ibmcloud.com/vulnerabilities/7622 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2001-1084
https://notcve.org/view.php?id=CVE-2001-1084
Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message. • http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html http://www.kb.cert.org/vuls/id/654643 http://www.macromedia.com/v1/handlers/index.cfm?ID=21498&Method=Full http://www.osvdb.org/1891 http://www.securityfocus.com/bid/2983 https://exchange.xforce.ibmcloud.com/vulnerabilities/6793 •