CVSS: 5.0EPSS: 2%CPEs: 5EXPL: 0CVE-2005-4343
https://notcve.org/view.php?id=CVE-2005-4343
Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection Vulnerability". Adobe (antes Macromedia) ColdFusion MX 6.0, 6.1, 6.1 con JRun, y 7.0 permiten a atacantes remotos adjuntar ficheros de su elección y enviar correo mediante un un campo "Subject" artesanal, que no es manejado adecuadamente por la etiqueta CFMAIL en aplicaciones que usan ColdFurion, tcc "Vulnerabilidad de inyección CFMAIL". • http://secunia.com/advisories/18078 http://securitytracker.com/id?1015369 http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html http://www.securityfocus.com/bid/15904 http://www.vupen.com/english/advisories/2005/2948 •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4345
https://notcve.org/view.php?id=CVE-2005-4345
Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges. Adobe (antes Macromedia) ColdFusion MX 7.0 expone la huella digital ('hash') de la contraseña de administrador en una llamada API, lo que permite a desarrolladores locales obtener la huella digital y ganar privilegios. • http://secunia.com/advisories/18078 http://securitytracker.com/id?1015371 http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html http://www.securityfocus.com/bid/15904 http://www.vupen.com/english/advisories/2005/2948 •
CVSS: 3.7EPSS: 0%CPEs: 3EXPL: 0CVE-2005-2306
https://notcve.org/view.php?id=CVE-2005-2306
Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users. "Race condition" en Macromedia JRun 4.0, ColdFusion MX 6.1 y 7.0 cuando están bajo carga pesada, provocan que JRun asigne una autentifcación duplicada a sesiones múltiples, lo que podría permitir que usuarios autentificados obtengan privilegios como otros usuarios. • http://secunia.com/advisories/16081 http://securitytracker.com/id?1014489 http://www.macromedia.com/devnet/security/security_zone/mpsb05-05.html •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1555
https://notcve.org/view.php?id=CVE-2005-1555
Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page. • http://marc.info/?l=bugtraq&m=111575500403231&w=2 http://www.macromedia.com/devnet/security/security_zone/mpsb05-03.html https://exchange.xforce.ibmcloud.com/vulnerabilities/20550 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1022
https://notcve.org/view.php?id=CVE-2005-1022
ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information. • http://marc.info/?l=bugtraq&m=111290407411801&w=2 http://www.macromedia.com/devnet/security/security_zone/mpsb05-02.html •