6 results (0.009 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1

Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary via an HTTP GET request with a long .jsp file name. Desbordamiento de búfer basado en el montón (heap) en el mecanismo de manejo de errores en el manejador de IIS ISAPI en Macromedia JRun 4.0 y anteriores permite a atacantes remotos ejecutar código arbitrario mediante una peticón HTTP GET con un nombre de fichero .jsp largo. • http://archives.neohapsis.com/archives/bugtraq/2002-11/0149.html http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0080.html http://marc.info/?l=bugtraq&r=1&b=200211&w=2 http://www.eeye.com/html/Research/Advisories/AD20021112.html http://www.securityfocus.com/bid/6122 https://exchange.xforce.ibmcloud.com/vulnerabilities/10568 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet. • http://marc.info/?l=bugtraq&m=97236692714978&w=2 http://www.allaire.com/handlers/index.cfm?ID=17968&Method=Full https://exchange.xforce.ibmcloud.com/vulnerabilities/5405 •

CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 1

Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet. • https://www.exploit-db.com/exploits/20314 http://marc.info/?l=bugtraq&m=97236125107957&w=2 http://www.allaire.com/handlers/index.cfm?ID=17969&Method=Full https://exchange.xforce.ibmcloud.com/vulnerabilities/5406 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet. • http://marc.info/?l=bugtraq&m=97236692714978&w=2 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g. via viewsource.jsp) or obtain configuration information. • http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full http://www.osvdb.org/2713 http://www.securityfocus.com/bid/1386 https://exchange.xforce.ibmcloud.com/vulnerabilities/4774 •