CVSS: 5.0EPSS: 2%CPEs: 2EXPL: 0CVE-2006-4724
https://notcve.org/view.php?id=CVE-2006-4724
Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command. Vulnerabilidad sin especificar en ColdFusion Flash Remoting Gateway de Adobe ColdFusion MX 7 y 7.01 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante vectores no especificados relacionados con un comando artesanal. • http://secunia.com/advisories/21866 http://securitytracker.com/id?1016833 http://www.adobe.com/support/security/bulletins/apsb06-12.html http://www.securityfocus.com/bid/19984 http://www.vupen.com/english/advisories/2006/3574 https://exchange.xforce.ibmcloud.com/vulnerabilities/28912 •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2006-3979
https://notcve.org/view.php?id=CVE-2006-3979
The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator. La AdminAPI de ColdFusion MX 7 permite a atacantes remotos evitar autenticación usando "acceso programático" a la adminAPI en vez del Administrador ColdFusion. • http://secunia.com/advisories/21421 http://securitytracker.com/id?1016660 http://www.adobe.com/support/security/bulletins/apsb06-10.html http://www.securityfocus.com/bid/19426 http://www.vupen.com/english/advisories/2006/3224 https://exchange.xforce.ibmcloud.com/vulnerabilities/28294 •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2006-2364
https://notcve.org/view.php?id=CVE-2006-2364
Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message. • http://securityreason.com/securityalert/894 http://www.securityfocus.com/archive/1/433819 http://www.securityfocus.com/bid/17938 https://exchange.xforce.ibmcloud.com/vulnerabilities/26508 •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4344
https://notcve.org/view.php?id=CVE-2005-4344
Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration. Adobe (antes Macromedia) ColdFusion MX 7.0 no respeta que la configuración CFOBJECT/CreateObject (Java) esté inhabilitada, lo que permite a usuarios locales crear un objeto a pesar de la configuración especificada. • http://secunia.com/advisories/18078 http://securitytracker.com/id?1015371 http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html http://www.securityfocus.com/bid/15904 http://www.vupen.com/english/advisories/2005/2948 •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2005-4342
https://notcve.org/view.php?id=CVE-2005-4342
ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability." ColdFusion Sandbox en Adobe (antes Macromedia) ColdFusion MX 6.0, 6.1, 6.1 con JRun, y 7.0, no lanza una excepción si el SecurityManager está inhabilitado, lo que podría permitir a atacantes remotos "evitar controles de seguridad", tcc "Vulnerabilidad de Seguridad de Caja de Arena de JRun Agrupado" • http://secunia.com/advisories/18078 http://securitytracker.com/id?1015369 http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html http://www.securityfocus.com/bid/15904 http://www.vupen.com/english/advisories/2005/2948 •