Page 11 of 116 results (0.018 seconds)

CVSS: 3.7EPSS: 0%CPEs: 3EXPL: 0

Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users. "Race condition" en Macromedia JRun 4.0, ColdFusion MX 6.1 y 7.0 cuando están bajo carga pesada, provocan que JRun asigne una autentifcación duplicada a sesiones múltiples, lo que podría permitir que usuarios autentificados obtengan privilegios como otros usuarios. • http://secunia.com/advisories/16081 http://securitytracker.com/id?1014489 http://www.macromedia.com/devnet/security/security_zone/mpsb05-05.html •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page. • http://marc.info/?l=bugtraq&m=111575500403231&w=2 http://www.macromedia.com/devnet/security/security_zone/mpsb05-03.html https://exchange.xforce.ibmcloud.com/vulnerabilities/20550 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information. • http://marc.info/?l=bugtraq&m=111290407411801&w=2 http://www.macromedia.com/devnet/security/security_zone/mpsb05-02.html •

CVSS: 5.0EPSS: 2%CPEs: 2EXPL: 2

Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data. • https://www.exploit-db.com/exploits/24013 http://archives.neohapsis.com/archives/bugtraq/2004-04/0184.html http://www.securityfocus.com/bid/10163 https://exchange.xforce.ibmcloud.com/vulnerabilities/15895 •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attackers to execute arbitrary web script or HTML and possibly hijack a user's session. • http://marc.info/?l=bugtraq&m=109621995623823&w=2 http://secunia.com/advisories/12638 http://www.kb.cert.org/vuls/id/668206 http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html http://www.securityfocus.com/bid/11245 https://exchange.xforce.ibmcloud.com/vulnerabilities/17483 •