CVE-2006-4726
https://notcve.org/view.php?id=CVE-2006-4726
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page.
• http://secunia.com/advisories/21858
• http://securitytracker.com/id?1016833
• http://www.adobe.com/support/security/bulletins/apsb06-14.html
• http://www.securityfocus.com/bid/19982
• http://www.vupen.com/english/advisories/2006/3575
• https://exchange.xforce.ibmcloud.com/vulnerabilities/28922
CVE-2006-4725
https://notcve.org/view.php?id=CVE-2006-4725
Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox.
• http://secunia.com/advisories/21866
• http://securitytracker.com/id?1016833
• http://www.adobe.com/support/security/bulletins/apsb06-13.html
• http://www.securityfocus.com/bid/19985
• http://www.vupen.com/english/advisories/2006/3574
• https://exchange.xforce.ibmcloud.com/vulnerabilities/28920
CVE-2006-4724
https://notcve.org/view.php?id=CVE-2006-4724
Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command.
• http://secunia.com/advisories/21866
• http://securitytracker.com/id?1016833
• http://www.adobe.com/support/security/bulletins/apsb06-12.html
• http://www.securityfocus.com/bid/19984
• http://www.vupen.com/english/advisories/2006/3574
• https://exchange.xforce.ibmcloud.com/vulnerabilities/28912
CVE-2006-3979
https://notcve.org/view.php?id=CVE-2006-3979
The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator.
• http://secunia.com/advisories/21421
• http://securitytracker.com/id?1016660
• http://www.adobe.com/support/security/bulletins/apsb06-10.html
• http://www.securityfocus.com/bid/19426
• http://www.vupen.com/english/advisories/2006/3224
• https://exchange.xforce.ibmcloud.com/vulnerabilities/28294
CVE-2005-4344
https://notcve.org/view.php?id=CVE-2005-4344
Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor the CFOBJECT/CreateObject(Java) setting when it is disabled, which allows local users to create an object despite the specified configuration.
• http://secunia.com/advisories/18078
• http://securitytracker.com/id?1015371
• http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html
• http://www.securityfocus.com/bid/15904
• http://www.vupen.com/english/advisories/2005/2948