CVE-2002-0665
published 2002-07-11
CVE-2002-0665: Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL.
Priority P346 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 10.72% (95.3th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| macromedia | jrun | — | — |
| macromedia | jrun | — | — |
| macromedia | jrun | — | — |
No detection rules found.
Exploit-DB
Microsoft Access 97/2000/2002 Snapshot Viewer - ActiveX Control Parameter Buffer Overflow
exploitdb·2003-09-03
CVE-2003-0665 Microsoft Access 97/2000/2002 Snapshot Viewer - ActiveX Control Parameter Buffer Overflow
---
// source: https://www.securityfocus.com/bid/8536/info
Microsoft Access Snapshot Viewer is prone to a remote buffer-overflow condition because the software fails to perform sufficient boundary checks on user-supplied parameters. Presumably, a remote attacker may be able to leverage this issue to execute arbitrary code in the context of the user running the affected Internet Explorer.
/* Microsoft Access Snapshot Viewer ActiveX Control Exploit
MS-Access SnapShot Exploit Snapview.ocx v 10.0.5529.0
Download nice binaries into an arbitrary box
Vulnerability discovered by Oliver Lavery
https://www.securityfocus.com/bid/8536/info
Remote: Yes
greetz to str0ke */
#include
#include
#define Filename "
Exploit-DB
Macromedia JRun 3/4 - Administrative Authentication Bypass
exploitdb·2002-06-28
CVE-2002-0665 Macromedia JRun 3/4 - Administrative Authentication Bypass
---
source: https://www.securityfocus.com/bid/5118/info
Macromedia JRun is prone to an issue which may allow remote attackers to bypass the authentication page for the admin server. This may be exploited by adding an extraneous '/' to a request for the administrative authentication page.
http://JRun-Server:8000//welcome.jsp?&action=stop&server=default
will shut down the 'default' JRun server instance on port 8100. Other
administrative functions can also be accessed.
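A detection sketch for the extra-slash request described above, added here as an example and not part of the original advisory or any vendor tooling: it scans access-log lines for request paths that change when repeated slashes are collapsed. The Common Log Format input, the sample lines and the function names are assumptions.

```python
import re

# Request line and status of a Common Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def collapse_slashes(path):
    """Collapse runs of '/' so '//welcome.jsp' compares equal to '/welcome.jsp'."""
    return re.sub(r"/{2,}", "/", path)


def find_slash_anomalies(lines):
    """Return (client, raw_path, collapsed_path, status) for each request whose
    path changes when repeated slashes are collapsed."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a request line this pattern understands
        # Split the query off by hand: urllib.parse.urlsplit() would read a
        # leading '//' as the start of a host name and hide the anomaly.
        raw_path = m.group("target").split("?", 1)[0]
        collapsed = collapse_slashes(raw_path)
        if collapsed != raw_path:
            client = line.split(" ", 1)[0]
            hits.append((client, raw_path, collapsed, int(m.group("status"))))
    return hits


# Constructed sample lines (documentation addresses, not captured traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Jun/2002:10:01:02 +0000] "GET /welcome.jsp HTTP/1.0" 200 5120',
    '192.0.2.77 - - [28/Jun/2002:10:04:41 +0000] '
    '"GET //welcome.jsp?&action=stop&server=default HTTP/1.0" 200 734',
    '192.0.2.10 - - [28/Jun/2002:10:05:00 +0000] "GET /images/logo.gif HTTP/1.0" 200 2048',
    '192.0.2.77 - - [28/Jun/2002:10:05:13 +0000] "GET /docs///index.html HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    for client, raw, collapsed, status in find_slash_anomalies(SAMPLE_LOG):
        print(f"{client} requested {raw!r} (canonical {collapsed!r}), status {status}")
```

A successful status on a path that differs from an authenticated page only by extra slashes is the case to triage first.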
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0133.html
http://marc.info/?l=bugtraq&m=102529402127195&w=2
http://www.iss.net/security_center/static/9450.php
http://www.macromedia.com/v1/handlers/index.cfm?ID=23164
http://www.securityfocus.com/bid/5118
2002-07-11
Published