Shodan
Vulnerabilities
Vulnerable Software
Macromedia:  Security Vulnerabilities
CVE-2001-0535
Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.
CVSS Score
7.5
EPSS Score
0.007
Published
2001-10-30
CVE-2001-1427
Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors.
CVSS Score
7.5
EPSS Score
0.076
Published
2001-07-11
CVE-2001-1084
Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message.
CVSS Score
7.5
EPSS Score
0.003
Published
2001-07-02
CVE-2001-0179
Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "."
CVSS Score
5.0
EPSS Score
0.03
Published
2001-05-03
CVE-2001-0166
Macromedia Shockwave Flash plugin version 8 and earlier allows remote attackers to cause a denial of service via malformed tag length specifiers in a SWF file.
CVSS Score
7.6
EPSS Score
0.01
Published
2001-03-26
CVE-2000-1049
Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of "." characters.
CVSS Score
5.0
EPSS Score
0.008
Published
2000-12-11
CVE-2000-1050
Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash").
CVSS Score
5.0
EPSS Score
0.136
Published
2000-12-11
CVE-2000-1051
Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet.
CVSS Score
5.0
EPSS Score
0.01
Published
2000-12-11
CVE-2000-1052
Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet.
CVSS Score
5.0
EPSS Score
0.006
Published
2000-12-11
CVE-2000-1053
Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet.
CVSS Score
10.0
EPSS Score
0.088
Published
2000-12-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved