CVSS: 7.5 | EPSS: 9% | CPEs: 4 | EXPL: 0

Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request that is not properly handled during conversion to wide characters. • http://secunia.com/advisories/18077 http://securityreason.com/securityalert/283 http://securitytracker.com/id?1015370 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=360 http://www.macromedia.com/devnet/security/security_zone/mpsb05-13.html http://www.securityfocus.com/bid/15905 http://www.securityfocus.com/bid/16026 http://www.vupen.com/english/advisories/2005/2949 •

CVSS: 5.0 | EPSS: 0% | CPEs: 4 | EXPL: 0

Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows remote attackers to view web application source code via "a malformed URL." • http://secunia.com/advisories/18077 http://securitytracker.com/id?1015370 http://www.macromedia.com/devnet/security/security_zone/mpsb05-13.html http://www.securityfocus.com/bid/15905 http://www.vupen.com/english/advisories/2005/2949 •

CVSS: 3.7 | EPSS: 0% | CPEs: 3 | EXPL: 0

Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users. • http://secunia.com/advisories/16081 http://securitytracker.com/id?1014489 http://www.macromedia.com/devnet/security/security_zone/mpsb05-05.html •

CVSS: 4.3 | EPSS: 0% | CPEs: 3 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attackers to execute arbitrary web script or HTML and possibly hijack a user's session. • http://marc.info/?l=bugtraq&m=109621995623823&w=2 http://secunia.com/advisories/12638 http://www.kb.cert.org/vuls/id/668206 http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html http://www.securityfocus.com/bid/11245 https://exchange.xforce.ibmcloud.com/vulnerabilities/17483 •

CVSS: 7.5 | EPSS: 1% | CPEs: 12 | EXPL: 0

JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session. • http://marc.info/?l=bugtraq&m=109621995623823&w=2 http://secunia.com/advisories/12638 http://www.kb.cert.org/vuls/id/584958 http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html http://www.securityfocus.com/bid/11245 https://exchange.xforce.ibmcloud.com/vulnerabilities/17481 •