CVE-2009-1874

all versions

Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Adobe JRun 4.0 allow remote attackers to inject a

CVE-2009-1873

all versions

Directory traversal vulnerability in logging/logviewer.jsp in the Management Console in Adobe JRun Application Server 4 Updater 7

CVE-2007-1278

all versions

Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using M

CVE-2006-5860

all versions

Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote att

CVE-2006-5858

all versions

Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list

CVE-2005-4473

all versions

Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows remote attackers to view web application source code via "a

CVE-2005-4472

all versions

Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) allows remote attackers to cause a denial of service and pos

CVE-2005-2306

all versions

Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authent

CVE-2004-2182

all versions

Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user sess

CVE-2004-1478

all versions

JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack

CVE-2004-1477

all versions

Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attackers to execute arbitrary web sc

CVE-2004-0646

all versions

Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20

CVE-2004-0928

all versions

The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass auth

CVE-2004-1815

all versions

Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argume

CVE-2002-2187

all versions

Unknown "file disclosure" vulnerability in Macromedia JRun 3.0, 3.1, and 4.0, related to a log file or jrun.ini, with unknown impa

CVE-2002-2186

all versions

Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character value

CVE-2002-1855

all versions

Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, whic

CVE-2002-1310

<= 4.0

Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows rem

CVE-2002-1025

all versions

JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes

CVE-2002-0937

all versions

The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server vi

CVE-2002-0801

all versions

Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct req

CVE-2002-0665

all versions

Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in

CVE-2001-1545

all versions

Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, w

CVE-2001-1544

all versions

Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary

CVE-2001-1513

all versions

Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users

CVE-2001-1512

all versions

Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to directly access the WEB-INF and META-INF directories and exec

CVE-2001-1511

all versions

JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source

CVE-2001-1510

all versions

Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers

CVE-2001-0926

all versions

SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other

CVE-2001-1084

all versions

Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for

CVE-2001-0179

all versions

Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory,

CVE-2000-1053

all versions

Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS)

CVE-2000-1052

all versions

Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter ser

CVE-2000-1051

all versions

Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter ser

CVE-2000-1050

all versions

Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that conta

CVE-2000-1049

all versions

Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of

CVE-2000-0540

all versions

JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g. via viewsource.jsp) or obtain config

CVE-2000-0539

all versions

Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via t