CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 0CVE-2004-1893
https://notcve.org/view.php?id=CVE-2004-1893
Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a direct request to mmhttpdb.asp. • http://marc.info/?l=bugtraq&m=108102481929451&w=2 http://secunia.com/advisories/11284 http://www.macromedia.com/devnet/security/security_zone/mpsb04-05.html http://www.nextgenss.com/advisories/dreamweaver.txt http://www.securityfocus.com/bid/10036 https://exchange.xforce.ibmcloud.com/vulnerabilities/15721 •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2004-2204
https://notcve.org/view.php?id=CVE-2004-2204
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT. • http://secunia.com/advisories/12693 http://www.macromedia.com/devnet/security/security_zone/mpsb04-10.html http://www.osvdb.org/10718 http://www.securityfocus.com/archive/1/377213 http://www.securityfocus.com/bid/11364 https://exchange.xforce.ibmcloud.com/vulnerabilities/17567 •
CVSS: 10.0EPSS: 8%CPEs: 5EXPL: 0CVE-2004-0646
https://notcve.org/view.php?id=CVE-2004-0646
Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields. Desbordamiento de búfer en la función WriteToLog de los conectores web JRun 3.0 a 4.0, como mod_jrun y mod_jrun20 para Apache con registro verboso activado, permite a atacantes remotos ejecutar código de su elección mediante una una cabecera HTTP Content-Type larga u otros campos. • http://secunia.com/advisories/12647 http://www.kb.cert.org/vuls/id/990200 http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html http://www.securityfocus.com/archive/1/377194 http://www.securityfocus.com/bid/11245 https://exchange.xforce.ibmcloud.com/vulnerabilities/17485 •
CVSS: 5.0EPSS: 13%CPEs: 11EXPL: 0CVE-2004-0928
https://notcve.org/view.php?id=CVE-2004-0928
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm". • http://marc.info/?l=bugtraq&m=109621995623823&w=2 http://secunia.com/advisories/12638 http://secunia.com/advisories/12647 http://www.idefense.com/application/poi/display?id=148&type=vulnerabilities http://www.kb.cert.org/vuls/id/977440 http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html http://www.securityfocus.com/bid/11245 https://exchange.xforce.ibmcloud.com/vulnerabilities/17484 •
CVSS: 2.6EPSS: 1%CPEs: 1EXPL: 0CVE-2004-0407
https://notcve.org/view.php?id=CVE-2004-0407
The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows remote attackers to cause a denial of service (disk consumption) by repeatedly uploading files and interrupting the uploads before they finish. • http://marc.info/?l=bugtraq&m=108213782629001&w=2 http://secunia.com/advisories/11392 http://securitytracker.com/id?1009825 http://www.macromedia.com/devnet/security/security_zone/mpsb04-06.html http://www.osvdb.org/5402 http://www.securityfocus.com/bid/10158 https://exchange.xforce.ibmcloud.com/vulnerabilities/15882 •