CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2005-2306
https://notcve.org/view.php?id=CVE-2005-2306
19 Jul 2005 — Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users. "Race condition" en Macromedia JRun 4.0, ColdFusion MX 6.1 y 7.0 cuando están bajo carga pesada, provocan que JRun asigne una autentifcación duplicada a sesiones múltiples, lo que podría permitir que usuarios autentificados obtengan privilegios como otros usuarios. • http://secunia.com/advisories/16081 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1555
https://notcve.org/view.php?id=CVE-2005-1555
10 May 2005 — Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page. • http://marc.info/?l=bugtraq&m=111575500403231&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1022
https://notcve.org/view.php?id=CVE-2005-1022
09 Apr 2005 — ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information. • http://marc.info/?l=bugtraq&m=111290407411801&w=2 •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 2CVE-2004-2505 – Macromedia ColdFusion MX 6.0 - Oversized Error Message Denial of Service
https://notcve.org/view.php?id=CVE-2004-2505
31 Dec 2004 — Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data. • https://www.exploit-db.com/exploits/24013 •
CVSS: 8.1EPSS: 1%CPEs: 12EXPL: 0CVE-2004-1478
https://notcve.org/view.php?id=CVE-2004-1478
31 Dec 2004 — JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session. • http://marc.info/?l=bugtraq&m=109621995623823&w=2 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2004-2204
https://notcve.org/view.php?id=CVE-2004-2204
31 Dec 2004 — Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT. • http://secunia.com/advisories/12693 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2004-2331
https://notcve.org/view.php?id=CVE-2004-2331
31 Dec 2004 — ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag. • http://secunia.com/advisories/10743 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2004-2330
https://notcve.org/view.php?id=CVE-2004-2330
31 Dec 2004 — ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields. • http://secunia.com/advisories/10743 •
CVSS: 10.0EPSS: 7%CPEs: 5EXPL: 0CVE-2004-0646
https://notcve.org/view.php?id=CVE-2004-0646
19 Nov 2004 — Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields. Desbordamiento de búfer en la función WriteToLog de los conectores web JRun 3.0 a 4.0, como mod_jrun y mod_jrun20 para Apache con registro verboso activado, permite a atacantes remotos ejecutar código de su elección mediante una u... • http://secunia.com/advisories/12647 •
CVSS: 9.1EPSS: 10%CPEs: 11EXPL: 0CVE-2004-0928
https://notcve.org/view.php?id=CVE-2004-0928
05 Oct 2004 — The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm". • http://marc.info/?l=bugtraq&m=109621995623823&w=2 •