NotCVE - vendor:"Adobe" product:"Coldfusion" version:"9.0"

Page 12 of 57 results (0.008 seconds)

CVSS: 4.3EPSS: 94%CPEs: 12EXPL: 2

CVE-2009-3960 – Adobe BlazeDS Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2009-3960

Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents. Vulnerabilidad sin especificar en BlazeDS v3.2 y anteriores, tal como es utilizado en LiveCycle v8.0.1, v8.2.1 y v9.0, LiveCycle Data Services v2.5.1, v2.6.1 y v3.0, Flex Data Services v2.0.1 y ColdFusion v7.0.2, v8.0, v8.0.1 y v9.0. Permite a atacantes remotos obtener información confidencial a través de vectores de ataque asociados con una petición, y relacionados con una etiqueta inyectada y una referencia a una entidad externa en documentos XML. Multiple Adobe Products -- XML External Entity Injection. Affected Software: BlazeDS 3.2 and earlier versions, LiveCycle 9.0, 8.2.1, and 8.0.1, LiveCycle Data Services 3.0, 2.6.1, and 2.5.1, Flex Data Services 2.0.1, ColdFusion 9.0, 8.0.1, 8.0, and 7.0.2. • https://www.exploit-db.com/exploits/11529 https://www.exploit-db.com/exploits/41855 http://secunia.com/advisories/38543 http://securitytracker.com/id?1023584 http://www.adobe.com/support/security/bulletins/apsb10-05.html http://www.osvdb.org/62292 http://www.securityfocus.com/bid/38197 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2010-0185

https://notcve.org/view.php?id=CVE-2010-0185

The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote attackers to obtain collection metadata, search information, and index data via a request to an unspecified URL. La configuración por defecto en Adobe ColdFusion v9.0 no limita el acceso a las colecciones que han sido creadas mediante el servicio Solr, lo que permite a atacantes remotos conseguir información de los metadatos, de búsquedas, y datos del indice a través de una petición a una URL sin especificar. • http://kb2.adobe.com/cps/807/cpsid_80719.html http://osvdb.org/62037 http://secunia.com/advisories/38387 http://www.adobe.com/support/security/bulletins/apsb10-04.html http://www.securityfocus.com/bid/38007 http://www.securitytracker.com/id?1023519 http://www.vupen.com/english/advisories/2010/0259 https://exchange.xforce.ibmcloud.com/vulnerabilities/55997 • CWE-264: Permissions, Privileges, and Access Controls •

1...10 11 12