CVSS: 4.3EPSS: 5%CPEs: 1EXPL: 1CVE-2009-1874
https://notcve.org/view.php?id=CVE-2009-1874
Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Adobe JRun 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos (XSS) en Management Console en Adobe JRun v4.0 permite a atacantes remotos inyectar script web o HTML a su elección a través de vectores no especificados. • http://osvdb.org/57187 http://www.adobe.com/support/security/bulletins/apsb09-12.html http://www.dsecrg.com/pages/vul/show.php?id=151 http://www.securityfocus.com/archive/1/505804/100/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 9%CPEs: 2EXPL: 2CVE-2009-1873 – Adobe JRun 4 - 'logfile' (Authenticated) Directory Traversal
https://notcve.org/view.php?id=CVE-2009-1873
Directory traversal vulnerability in logging/logviewer.jsp in the Management Console in Adobe JRun Application Server 4 Updater 7 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the logfile parameter. Vulnerabilidad de salto de directorio en logging/logviewer.jsp en la consola de administración en Adobe JRun Application Server 4 Updater 7 permite a usuarios remotos autenticados leer ficheros de forma arbitraria a través de .. (punto punto) en el parámetro "logfile". Adobe JRun Application Server version 4 updater 7 suffers from a directory traversal vulnerability. • https://www.exploit-db.com/exploits/9443 http://osvdb.org/57186 http://www.adobe.com/support/security/bulletins/apsb09-12.html http://www.dsecrg.com/pages/vul/show.php?id=152 http://www.securityfocus.com/archive/1/505808/100/0/threaded • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 3%CPEs: 4EXPL: 0CVE-2007-1278
https://notcve.org/view.php?id=CVE-2007-1278
Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root. Vulnerabilidad no especificada en el conector IIS en Adobe JRun 4.0 Updater 6, y ColdFusion MX 6.1 y 7.0 Enterprise, cuando se utiliza Microsoft IIS 6, permite a atacantes remotos provocar denegación de servicio a través de vectores no especificados, afectando a la respuesta de un archivo en la raiz web JRun. • http://osvdb.org/34039 http://secunia.com/advisories/24488 http://www.adobe.com/support/security/bulletins/apsb07-07.html http://www.securityfocus.com/bid/22958 http://www.securitytracker.com/id?1017752 http://www.vupen.com/english/advisories/2007/0932 https://exchange.xforce.ibmcloud.com/vulnerabilities/32994 •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2006-5860
https://notcve.org/view.php?id=CVE-2006-5860
Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la consola de administración de Adobe JRun 4.0, como el usado en ColdFusion, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores desconocidos. • http://osvdb.org/32122 http://secunia.com/advisories/24093 http://www.adobe.com/support/security/bulletins/apsb07-05.html http://www.securityfocus.com/bid/22547 http://www.securitytracker.com/id?1017646 http://www.securitytracker.com/id?1017647 http://www.vupen.com/english/advisories/2007/0594 https://exchange.xforce.ibmcloud.com/vulnerabilities/32475 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 2%CPEs: 3EXPL: 0CVE-2006-5858
https://notcve.org/view.php?id=CVE-2006-5858
Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file. Adobe ColdFusion MX 7 hasta 7.0.2, y JRun 4, cuando se ejecuta en Microsoft IIS, permite a atacantes remotos leer archivos de su elección, listar directorios, o leer código fuente mediante un byte nulo (NULL) con doble codificación URL en un nombre de archivo ColdFusion, por ejemplo un archivo CFM. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=466 http://osvdb.org/32123 http://secunia.com/advisories/23668 http://securitytracker.com/id?1017490 http://www.adobe.com/support/security/bulletins/apsb07-02.html http://www.securityfocus.com/archive/1/457799/100/0/threaded http://www.securityfocus.com/bid/21978 http://www.vupen.com/english/advisories/2007/0116 https://exchange.xforce.ibmcloud.com/vulnerabilities/31411 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •