Page 7 of 34 results (0.001 seconds)

CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 1

Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet. • https://www.exploit-db.com/exploits/20314 http://marc.info/?l=bugtraq&m=97236125107957&w=2 http://www.allaire.com/handlers/index.cfm?ID=17969&Method=Full https://exchange.xforce.ibmcloud.com/vulnerabilities/5406 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet. • http://marc.info/?l=bugtraq&m=97236692714978&w=2 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g. via viewsource.jsp) or obtain configuration information. • http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full http://www.osvdb.org/2713 http://www.securityfocus.com/bid/1386 https://exchange.xforce.ibmcloud.com/vulnerabilities/4774 •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet. • http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full http://www.osvdb.org/818 http://www.securityfocus.com/bid/1386 https://exchange.xforce.ibmcloud.com/vulnerabilities/4774 •