Page 16 of 90 results (0.015 seconds)

CVSS: 5.0EPSS: 2%CPEs: 2EXPL: 2

Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data. • https://www.exploit-db.com/exploits/24013 http://archives.neohapsis.com/archives/bugtraq/2004-04/0184.html http://www.securityfocus.com/bid/10163 https://exchange.xforce.ibmcloud.com/vulnerabilities/15895 •

CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0

ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields. • http://secunia.com/advisories/10743 http://www.macromedia.com/devnet/security/security_zone/mpsb04-02.html http://www.securityfocus.com/bid/9522 https://exchange.xforce.ibmcloud.com/vulnerabilities/14983 •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag. • http://secunia.com/advisories/10743 http://www.macromedia.com/devnet/security/security_zone/mpsb04-01.html http://www.securityfocus.com/bid/9521 https://exchange.xforce.ibmcloud.com/vulnerabilities/14984 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •

CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 0

JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session. • http://marc.info/?l=bugtraq&m=109621995623823&w=2 http://secunia.com/advisories/12638 http://www.kb.cert.org/vuls/id/584958 http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html http://www.securityfocus.com/bid/11245 https://exchange.xforce.ibmcloud.com/vulnerabilities/17481 •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT. • http://secunia.com/advisories/12693 http://www.macromedia.com/devnet/security/security_zone/mpsb04-10.html http://www.osvdb.org/10718 http://www.securityfocus.com/archive/1/377213 http://www.securityfocus.com/bid/11364 https://exchange.xforce.ibmcloud.com/vulnerabilities/17567 •