5 results (0.004 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1

Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary via an HTTP GET request with a long .jsp file name. Desbordamiento de búfer basado en el montón (heap) en el mecanismo de manejo de errores en el manejador de IIS ISAPI en Macromedia JRun 4.0 y anteriores permite a atacantes remotos ejecutar código arbitrario mediante una peticón HTTP GET con un nombre de fichero .jsp largo. • http://archives.neohapsis.com/archives/bugtraq/2002-11/0149.html http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0080.html http://marc.info/?l=bugtraq&r=1&b=200211&w=2 http://www.eeye.com/html/Research/Advisories/AD20021112.html http://www.securityfocus.com/bid/6122 https://exchange.xforce.ibmcloud.com/vulnerabilities/10568 •

CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 2

Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL. • http://online.securityfocus.com/archive/1/242843/2002-07-27/2002-08-02/2 http://online.securityfocus.com/archive/1/243203 http://www.iss.net/security_center/static/7623.php http://www.macromedia.com/v1/handlers/index.cfm?ID=22262&Method=Full http://www.securityfocus.com/archive/1/243636 http://www.securityfocus.com/bid/3592 •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request. • http://www.iss.net/security_center/static/7678.php http://www.macromedia.com/v1/handlers/index.cfm?ID=22290&Method=Full http://www.securityfocus.com/bid/3666 •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an #include statement. • http://marc.info/?l=bugtraq&m=100697797325013&w=2 http://www.macromedia.com/v1/handlers/index.cfm?ID=22261&Method=Full http://www.securityfocus.com/bid/3589 https://exchange.xforce.ibmcloud.com/vulnerabilities/7622 •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message. • http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html http://www.kb.cert.org/vuls/id/654643 http://www.macromedia.com/v1/handlers/index.cfm?ID=21498&Method=Full http://www.osvdb.org/1891 http://www.securityfocus.com/bid/2983 https://exchange.xforce.ibmcloud.com/vulnerabilities/6793 •