Foundstone Labs

5 exploits, active since Dec 2000
CVE-2000-1025 EXPLOITDB text WORKING POC
eWave ServletExec <3.0C - DoS
eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, allows remote attackers to cause a denial of service via a URL that contains the "/servlet/" string, which invokes the ServletExec servlet and causes an exception if the servlet is already running.
CVE-2000-1053 EXPLOITDB text WRITEUP
Allaire JRun 2.3.3 - XSS
Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet.
EIP-2026-103842 EXPLOITDB text WRITEUP
Allaire JRun 2.3 - File Source Code Disclosure
CVE-2000-1050 EXPLOITDB text WRITEUP
Allaire JRun 3.0 - Path Traversal
Allaire JRun 3.0 HTTP servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash").
CVE-2001-0555 EXPLOITDB text WORKING POC
ScreamingMedia SITEWare <3.1 - Info Disclosure
ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet.