NotCVE - vendor:"Adobe" product:"ColdFusion" version:" <= 2021.17"

Page 16 of 175 results (0.012 seconds)

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0

CVE-2006-4724

https://notcve.org/view.php?id=CVE-2006-4724

14 Sep 2006 — Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command. Vulnerabilidad sin especificar en ColdFusion Flash Remoting Gateway de Adobe ColdFusion MX 7 y 7.01 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante vectores no especificados relacionados con un comando artesanal. • http://secunia.com/advisories/21866 •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2006-3979

https://notcve.org/view.php?id=CVE-2006-3979

09 Aug 2006 — The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator. La AdminAPI de ColdFusion MX 7 permite a atacantes remotos evitar autenticación usando "acceso programático" a la adminAPI en vez del Administrador ColdFusion. • http://secunia.com/advisories/21421 •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2006-2364

https://notcve.org/view.php?id=CVE-2006-2364

15 May 2006 — Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message. • http://securityreason.com/securityalert/894 •

CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0

CVE-2005-4343

https://notcve.org/view.php?id=CVE-2005-4343

17 Dec 2005 — Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection Vulnerability". Adobe (antes Macromedia) ColdFusion MX 6.0, 6.1, 6.1 con JRun, y 7.0 permiten a atacantes remotos adjuntar ficheros de su elección y enviar correo mediante un un campo "Subject" artesanal, que no es manejado adecuadamente... • http://secunia.com/advisories/18078 •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2005-4345

https://notcve.org/view.php?id=CVE-2005-4345

17 Dec 2005 — Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges. Adobe (antes Macromedia) ColdFusion MX 7.0 expone la huella digital ('hash') de la contraseña de administrador en una llamada API, lo que permite a desarrolladores locales obtener la huella digital y ganar privilegios. • http://secunia.com/advisories/18078 •

CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0

CVE-2005-4342

https://notcve.org/view.php?id=CVE-2005-4342

17 Dec 2005 — ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability." ColdFusion Sandbox en Adobe (antes Macromedia) ColdFusion MX 6.0, 6.1, 6.1 con JRun, y 7.0, no lanza una excepción si el SecurityManager está inhabilitado, lo que podría permitir a atacantes remotos "evitar controles de seguridad", ... • http://secunia.com/advisories/18078 •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2005-4344

https://notcve.org/view.php?id=CVE-2005-4344

17 Dec 2005 — Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration. Adobe (antes Macromedia) ColdFusion MX 7.0 no respeta que la configuración CFOBJECT/CreateObject (Java) esté inhabilitada, lo que permite a usuarios locales crear un objeto a pesar de la configuración especificada. • http://secunia.com/advisories/18078 •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2005-2306

https://notcve.org/view.php?id=CVE-2005-2306

19 Jul 2005 — Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users. "Race condition" en Macromedia JRun 4.0, ColdFusion MX 6.1 y 7.0 cuando están bajo carga pesada, provocan que JRun asigne una autentifcación duplicada a sesiones múltiples, lo que podría permitir que usuarios autentificados obtengan privilegios como otros usuarios. • http://secunia.com/advisories/16081 •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2005-1555

https://notcve.org/view.php?id=CVE-2005-1555

10 May 2005 — Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page. • http://marc.info/?l=bugtraq&m=111575500403231&w=2 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2005-1022

https://notcve.org/view.php?id=CVE-2005-1022

09 Apr 2005 — ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information. • http://marc.info/?l=bugtraq&m=111290407411801&w=2 •

1...14 15 16 17 18