NotCVE - vendor:"Macromedia" product:"Jrun" version:"2.3.3"

5 results (0.006 seconds)

CVSS: 9.8EPSS: 7%CPEs: 1EXPL: 1

CVE-2002-1310

https://notcve.org/view.php?id=CVE-2002-1310

21 Nov 2002 — Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary via an HTTP GET request with a long .jsp file name. Desbordamiento de búfer basado en el montón (heap) en el mecanismo de manejo de errores en el manejador de IIS ISAPI en Macromedia JRun 4.0 y anteriores permite a atacantes remotos ejecutar código arbitrario mediante una peticón HTTP GET con un nombre de fichero .jsp largo. • http://archives.neohapsis.com/archives/bugtraq/2002-11/0149.html •

CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 2

CVE-2001-1510

https://notcve.org/view.php?id=CVE-2001-1510

31 Dec 2001 — Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL. • http://online.securityfocus.com/archive/1/242843/2002-07-27/2002-08-02/2 •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2001-1544

https://notcve.org/view.php?id=CVE-2001-1544

31 Dec 2001 — Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request. • http://www.iss.net/security_center/static/7678.php •

CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0

CVE-2001-0926

https://notcve.org/view.php?id=CVE-2001-0926

28 Nov 2001 — SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an #include statement. • http://marc.info/?l=bugtraq&m=100697797325013&w=2 •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

CVE-2001-1084

https://notcve.org/view.php?id=CVE-2001-1084

02 Jul 2001 — Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message. • http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html •