CVSS: 5.0 | EPSS: 1% | CPEs: 1 | EXPL: 0

Adobe ColdFusion MX7 allows remote attackers to obtain sensitive information via a URL request (1) for a non-existent (a) JWS, (b) CFM, (c) CFML, or (d) CFC file, which displays the installation path in the resulting error message; or (2) to /CFIDE/administrator/login.cfm without a host, which can reveal the server's internal IP address in an HREF tag.

• http://secunia.com/advisories/23281
• http://securityreason.com/securityalert/2021
• http://securitytracker.com/id?1017361
• http://www.securityfocus.com/archive/1/454046/100/0/threaded
• http://www.securityfocus.com/bid/21532
• http://www.vupen.com/english/advisories/2006/4949
• https://exchange.xforce.ibmcloud.com/vulnerabilities/30839
• https://exchange.xforce.ibmcloud.com/vulnerabilities/30840

CVSS: 2.6 | EPSS: 1% | CPEs: 2 | EXPL: 0

Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag.

• http://secunia.com/advisories/23281
• http://securityreason.com/securityalert/2021
• http://securitytracker.com/id?1017361
• http://www.adobe.com/support/security/bulletins/apsb07-06.html
• http://www.securityfocus.com/archive/1/454046/100/0/threaded
• http://www.securityfocus.com/bid/21532
• http://www.vupen.com/english/advisories/2006/4949
• https://exchange.xforce.ibmcloud.com/vulnerabilities/30841

CVSS: 4.6 | EPSS: 0% | CPEs: 3 | EXPL: 0

Unspecified vulnerability in a Verity third-party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products, allows local users to execute arbitrary code via unknown attack vectors.

• http://secunia.com/advisories/22312
• http://securitytracker.com/id?1017040
• http://www.adobe.com/support/security/bulletins/apsb06-17.html
• http://www.securityfocus.com/bid/20431
• http://www.vupen.com/english/advisories/2006/4003
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29475

CVSS: 4.6 | EPSS: 0% | CPEs: 2 | EXPL: 0

Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox.

• http://secunia.com/advisories/21866
• http://securitytracker.com/id?1016833
• http://www.adobe.com/support/security/bulletins/apsb06-13.html
• http://www.securityfocus.com/bid/19985
• http://www.vupen.com/english/advisories/2006/3574
• https://exchange.xforce.ibmcloud.com/vulnerabilities/28920

CVSS: 2.6 | EPSS: 0% | CPEs: 3 | EXPL: 0

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page.

• http://secunia.com/advisories/21858
• http://securitytracker.com/id?1016833
• http://www.adobe.com/support/security/bulletins/apsb06-14.html
• http://www.securityfocus.com/bid/19982
• http://www.vupen.com/english/advisories/2006/3575
• https://exchange.xforce.ibmcloud.com/vulnerabilities/28922