5 results (0.003 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

Vulnerability in an administrative interface utility for Allaire Spectra 1.0.1 allows remote attackers to read and modify sensitive configuration information. • http://archives.neohapsis.com/archives/vendor/2000-q3/0059.html https://exchange.xforce.ibmcloud.com/vulnerabilities/5466 •

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0

The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule. • http://www.allaire.com/handlers/index.cfm?ID=15411&Method=Full http://www.securityfocus.com/bid/1181 •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs. • http://www.allaire.com/handlers/index.cfm?ID=13976&Method=Full http://www.securityfocus.com/bid/915 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL. • http://www.allaire.com/handlers/index.cfm?ID=13977&Method=Full http://www.securityfocus.com/bid/916 •

CVSS: 7.5EPSS: 8%CPEs: 1EXPL: 0

The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authentication via the bAuthenticated parameter. • http://www.securityfocus.com/bid/955 https://exchange.xforce.ibmcloud.com/vulnerabilities/4025 •