Lucene search
K

5 matches found

CVE
CVE
added 2007/01/10 2:0 a.m.76 views

CVE-2006-5858

CVE-2006-5858 affects Adobe ColdFusion MX 7–7.0.2 and JRun 4 when run on Microsoft IIS. The vulnerability allows remote attackers to read arbitrary files, list directories, or read source code by sending a double URL-encoded NULL byte in a ColdFusion filename (e.g., a .cfm file). This is a server...

5CVSS6.7AI score0.12908EPSS
CVE
CVE
added 2007/02/14 2:0 a.m.62 views

CVE-2006-5860

CVE-2006-5860 is an XSS vulnerability affecting Adobe JRun 4.0 in its administrator console as used with ColdFusion. The available connected sources confirm the flaw allows an attacker to inject arbitrary web script or HTML into the admin browser session, via unknown vectors. The JVN entry additi...

4.3CVSS5.6AI score0.0319EPSS
CVE
CVE
added 2009/08/18 10:0 p.m.59 views

CVE-2009-1873

Adobe JRun 4.x Management Console is affected by CVE-2009-1873: a directory traversal in logviewer.jsp that, when exploited by an authenticated remote attacker via the logfile parameter, allows reading arbitrary files on the server. Affected product is Adobe JRun Application Server 4 Updater 7. C...

4CVSS6.1AI score0.04697EPSS
Web
CVE
CVE
added 2009/08/18 10:0 p.m.58 views

CVE-2009-1874

CVE-2009-1874 : Adobe JRun 4.0 Management Console is affected by multiple XSS vulnerabilities. The references indicate that remote attackers can inject arbitrary web script or HTML via unspecified vectors in the Management Console. The NVD entry lists a base score of 4.3 (Medium) with Network att...

4.3CVSS5.7AI score0.01751EPSS
CVE
CVE
added 2007/03/16 8:0 p.m.56 views

CVE-2007-1278

CVE-2007-1278 describes a denial-of-service vulnerability in the IIS connector used by Adobe JRun 4.0 Updater 6 and ColdFusion MX 6.1/7.0 Enterprise when deployed on Microsoft IIS 6. The issue arises from handling a request for a file in the JRun web root, which can allow remote attackers to caus...

4.3CVSS6.6AI score0.25617EPSS