Page 11 of 60 results (0.027 seconds)

CVSS: 2.6EPSS: 0%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page. Vulnerabilidad de secuencias de comandos en sitios cruzados(XSS) en Adobe ColdFusion MX de 6.1 a 7.02 inclusive, permite a un atacante remoto inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificadas con la aparición de una página de error de ColdFusion. • http://secunia.com/advisories/21858 http://securitytracker.com/id?1016833 http://www.adobe.com/support/security/bulletins/apsb06-14.html http://www.securityfocus.com/bid/19982 http://www.vupen.com/english/advisories/2006/3575 https://exchange.xforce.ibmcloud.com/vulnerabilities/28922 •

CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0

Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox. Adobe ColdFusion MX 7 y 7.01 permite a usuarios locales evitar las restricciones de seguridad y llamar a componentes (CFC) encerrados en un cajón de arena (sandbox) desde plantillas CFML que están situadas fuera del cajón de arena. • http://secunia.com/advisories/21866 http://securitytracker.com/id?1016833 http://www.adobe.com/support/security/bulletins/apsb06-13.html http://www.securityfocus.com/bid/19985 http://www.vupen.com/english/advisories/2006/3574 https://exchange.xforce.ibmcloud.com/vulnerabilities/28920 •

CVSS: 5.0EPSS: 2%CPEs: 2EXPL: 0

Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command. Vulnerabilidad sin especificar en ColdFusion Flash Remoting Gateway de Adobe ColdFusion MX 7 y 7.01 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante vectores no especificados relacionados con un comando artesanal. • http://secunia.com/advisories/21866 http://securitytracker.com/id?1016833 http://www.adobe.com/support/security/bulletins/apsb06-12.html http://www.securityfocus.com/bid/19984 http://www.vupen.com/english/advisories/2006/3574 https://exchange.xforce.ibmcloud.com/vulnerabilities/28912 •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator. La AdminAPI de ColdFusion MX 7 permite a atacantes remotos evitar autenticación usando "acceso programático" a la adminAPI en vez del Administrador ColdFusion. • http://secunia.com/advisories/21421 http://securitytracker.com/id?1016660 http://www.adobe.com/support/security/bulletins/apsb06-10.html http://www.securityfocus.com/bid/19426 http://www.vupen.com/english/advisories/2006/3224 https://exchange.xforce.ibmcloud.com/vulnerabilities/28294 •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration. Adobe (antes Macromedia) ColdFusion MX 7.0 no respeta que la configuración CFOBJECT/CreateObject (Java) esté inhabilitada, lo que permite a usuarios locales crear un objeto a pesar de la configuración especificada. • http://secunia.com/advisories/18078 http://securitytracker.com/id?1015371 http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html http://www.securityfocus.com/bid/15904 http://www.vupen.com/english/advisories/2005/2948 •