Macromedia Jrun
34 CVEs affecting Macromedia Jrun. Latest disclosed: 2005-12-22. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2005-4473 | | 2005-12-22 | Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows remote attackers to view web application source code via "a malformed URL." | |
CVE-2005-4472 | | 2005-12-22 | Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) allows remote attackers to cause a denial of service and possibly execute arbitrary code… | |
CVE-2005-2306 | | 2005-07-19 | Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple ses… | |
CVE-2004-2182 | | 2004-12-31 | Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by th… | |
CVE-2004-1478 | | 2004-12-31 | JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP sess… | |
CVE-2004-1477 | | 2004-12-31 | Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attackers to execute arbitrary web script or HTML and possibly hij… | |
CVE-2004-0646 | | 2004-12-23 | Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose log… | |
CVE-2004-0928 | | 2004-10-05 | The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source fi… | |
CVE-2004-1816 | | 2004-03-15 | Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allow… | |
CVE-2004-1815 | | 2004-03-15 | Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers t… | |
CVE-2002-2187 | | 2002-12-31 | Unknown "file disclosure" vulnerability in Macromedia JRun 3.0, 3.1, and 4.0, related to a log file or jrun.ini, with unknown impact. | |
CVE-2002-2186 | | 2002-12-31 | Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL. | |
CVE-2002-1855 | | 2002-12-31 | Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files a… | |
CVE-2002-1310 | | 2002-11-29 | Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbi… | |
CVE-2002-1025 | | 2002-10-04 | JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP… | |
CVE-2002-0937 | | 2002-10-04 | The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrin… | |
CVE-2002-0801 | | 2002-08-12 | Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a lon… | |
CVE-2002-0665 | | 2002-07-11 | Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL. | |
CVE-2001-1545 | | 2001-12-31 | Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers… | |
CVE-2001-1544 | | 2001-12-31 | Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in… |