CVE-2000-1053 – Allaire JRun 2.3 - Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2000-1053
Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet.
• https://www.exploit-db.com/exploits/20314
• http://marc.info/?l=bugtraq&m=97236125107957&w=2
• http://www.allaire.com/handlers/index.cfm?ID=17969&Method=Full
• https://exchange.xforce.ibmcloud.com/vulnerabilities/5406
CVE-2000-1052
https://notcve.org/view.php?id=CVE-2000-1052
Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet.
• http://marc.info/?l=bugtraq&m=97236692714978&w=2
CVE-2000-0540
https://notcve.org/view.php?id=CVE-2000-0540
JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g. via viewsource.jsp) or obtain configuration information.
• http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full
• http://www.osvdb.org/2713
• http://www.securityfocus.com/bid/1386
• https://exchange.xforce.ibmcloud.com/vulnerabilities/4774
CVE-2000-0539
https://notcve.org/view.php?id=CVE-2000-0539
Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession IDs via the SessionServlet servlet.
• http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full
• http://www.osvdb.org/818
• http://www.securityfocus.com/bid/1386
• https://exchange.xforce.ibmcloud.com/vulnerabilities/4774