CVE-2008-0643
https://notcve.org/view.php?id=CVE-2008-0643
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Adobe ColdFusion MX 7 y ColdFusion 8 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados. • http://secunia.com/advisories/29332 http://www.adobe.com/support/security/bulletins/apsb08-06.html http://www.securityfocus.com/bid/28205 http://www.securitytracker.com/id?1019589 http://www.vupen.com/english/advisories/2008/0862/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41144 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-0644
https://notcve.org/view.php?id=CVE-2008-0644
Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function. Adobe ColdFusion MX 7 y ColdFusion 8 permiten a atacantes remotos eludir el mecanismo de protección para aplicaciones contra secuencias de comandos en sitios cruzados (XSS) mediante vectores de ataque desconocidos relativos a la función setEncoding. • http://secunia.com/advisories/29332 http://www.adobe.com/support/security/bulletins/apsb08-07.html http://www.securityfocus.com/bid/28205 http://www.securitytracker.com/id?1019590 http://www.vupen.com/english/advisories/2008/0862/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41145 •
CVE-2008-1203
https://notcve.org/view.php?id=CVE-2008-1203
The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection. El interfaz de administración para Adobe ColdFusion 8 y ColdFusion MX7 no registra los intentos de conexión fallidos, lo que provoca que que ataques de fuerza bruta de atacantes remotos no sean detectados. • http://secunia.com/advisories/29332 http://www.adobe.com/support/security/bulletins/apsb08-08.html http://www.securityfocus.com/bid/28207 http://www.securitytracker.com/id?1019600 http://www.vupen.com/english/advisories/2008/0862/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41150 •
CVE-2007-5905
https://notcve.org/view.php?id=CVE-2007-5905
Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability. Adobe ColdFusion 8 y MX 7 permiten a atacantes remotos secuestrar sesiones mediante vectores no especificados que provocan el establecimiento de una sesión con una aplicación ColdFusion el la cual las cookies (1) CFID o (2) CFTOKEN tiene valores vacíos, posiblemente debido a una vulnerabilidad de fijación de sesión. • http://osvdb.org/41478 http://secunia.com/advisories/27644 http://securitytracker.com/id?1018944 http://www.adobe.com/go/kb402805 http://www.adobe.com/support/security/bulletins/apsb07-19.html http://www.securityfocus.com/bid/26429 http://www.vupen.com/english/advisories/2007/3859 https://exchange.xforce.ibmcloud.com/vulnerabilities/38446 • CWE-255: Credentials Management Errors •