CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2002-1310
https://notcve.org/view.php?id=CVE-2002-1310
Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary via an HTTP GET request with a long .jsp file name. Desbordamiento de búfer basado en el montón (heap) en el mecanismo de manejo de errores en el manejador de IIS ISAPI en Macromedia JRun 4.0 y anteriores permite a atacantes remotos ejecutar código arbitrario mediante una peticón HTTP GET con un nombre de fichero .jsp largo. • http://archives.neohapsis.com/archives/bugtraq/2002-11/0149.html http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0080.html http://marc.info/?l=bugtraq&r=1&b=200211&w=2 http://www.eeye.com/html/Research/Advisories/AD20021112.html http://www.securityfocus.com/bid/6122 https://exchange.xforce.ibmcloud.com/vulnerabilities/10568 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2000-1051
https://notcve.org/view.php?id=CVE-2000-1051
Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet. • http://marc.info/?l=bugtraq&m=97236692714978&w=2 http://www.allaire.com/handlers/index.cfm?ID=17968&Method=Full https://exchange.xforce.ibmcloud.com/vulnerabilities/5405 •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 1CVE-2000-1053 – Allaire JRun 2.3 - Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2000-1053
Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet. • https://www.exploit-db.com/exploits/20314 http://marc.info/?l=bugtraq&m=97236125107957&w=2 http://www.allaire.com/handlers/index.cfm?ID=17969&Method=Full https://exchange.xforce.ibmcloud.com/vulnerabilities/5406 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2000-1052
https://notcve.org/view.php?id=CVE-2000-1052
Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet. • http://marc.info/?l=bugtraq&m=97236692714978&w=2 •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2000-0539
https://notcve.org/view.php?id=CVE-2000-0539
Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet. • http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full http://www.osvdb.org/818 http://www.securityfocus.com/bid/1386 https://exchange.xforce.ibmcloud.com/vulnerabilities/4774 •