CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 0CVE-2006-6482
https://notcve.org/view.php?id=CVE-2006-6482
12 Dec 2006 — Adobe ColdFusion MX7 allows remote attackers to obtain sensitive information via a URL request (1) for a non-existent (a) JWS, (b) CFM, (c) CFML, or (d) CFC file, which displays the installation path in the resulting error message; or (2) to /CFIDE/administrator/login.cfm without a host, which can reveal the server's internal IP address in an HREF tag. Adobe ColdFusion MX7 permite a atacantes remotos la obtención de información sensible a través de una petición vía mediante una URL (1) un fichero no existen... • http://secunia.com/advisories/23281 •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 0CVE-2006-6483
https://notcve.org/view.php?id=CVE-2006-6483
12 Dec 2006 — Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag. Adobe ColdFusion MX7 no filtra correctamente etiquetas HTML cuando se está protegiendo contra ataques mediante secuencias de comandos en sitios cruzados (XSS), permitiendo a atacantes remotos la inyección de secuencias de c... • http://secunia.com/advisories/23281 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2006-3978
https://notcve.org/view.php?id=CVE-2006-3978
10 Oct 2006 — Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products, allows local users to execute arbitrary code via unknown attack vectors. Vulnerabilidad no especificada en una librería Verity de terceros, como la usada en Adobe ColdFusion MX 7 hasta MX 7.0.2 y posiblemente otros productos, permite a usuarios locales ejecutar código de su elección mediante vectores no especificados. • http://secunia.com/advisories/22312 •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2006-4724
https://notcve.org/view.php?id=CVE-2006-4724
14 Sep 2006 — Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command. Vulnerabilidad sin especificar en ColdFusion Flash Remoting Gateway de Adobe ColdFusion MX 7 y 7.01 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante vectores no especificados relacionados con un comando artesanal. • http://secunia.com/advisories/21866 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2006-4725
https://notcve.org/view.php?id=CVE-2006-4725
14 Sep 2006 — Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox. Adobe ColdFusion MX 7 y 7.01 permite a usuarios locales evitar las restricciones de seguridad y llamar a componentes (CFC) encerrados en un cajón de arena (sandbox) desde plantillas CFML que están situadas fuera del cajón de arena. • http://secunia.com/advisories/21866 •
CVSS: 6.1EPSS: 2%CPEs: 3EXPL: 0CVE-2006-4726
https://notcve.org/view.php?id=CVE-2006-4726
14 Sep 2006 — Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page. Vulnerabilidad de secuencias de comandos en sitios cruzados(XSS) en Adobe ColdFusion MX de 6.1 a 7.02 inclusive, permite a un atacante remoto inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificadas con la aparición de una página de error de ColdFusion. • http://secunia.com/advisories/21858 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2006-3979
https://notcve.org/view.php?id=CVE-2006-3979
09 Aug 2006 — The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator. La AdminAPI de ColdFusion MX 7 permite a atacantes remotos evitar autenticación usando "acceso programático" a la adminAPI en vez del Administrador ColdFusion. • http://secunia.com/advisories/21421 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2006-2364
https://notcve.org/view.php?id=CVE-2006-2364
15 May 2006 — Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message. • http://securityreason.com/securityalert/894 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4345
https://notcve.org/view.php?id=CVE-2005-4345
17 Dec 2005 — Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges. Adobe (antes Macromedia) ColdFusion MX 7.0 expone la huella digital ('hash') de la contraseña de administrador en una llamada API, lo que permite a desarrolladores locales obtener la huella digital y ganar privilegios. • http://secunia.com/advisories/18078 •
CVSS: 9.1EPSS: 1%CPEs: 5EXPL: 0CVE-2005-4342
https://notcve.org/view.php?id=CVE-2005-4342
17 Dec 2005 — ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability." ColdFusion Sandbox en Adobe (antes Macromedia) ColdFusion MX 6.0, 6.1, 6.1 con JRun, y 7.0, no lanza una excepción si el SecurityManager está inhabilitado, lo que podría permitir a atacantes remotos "evitar controles de seguridad", ... • http://secunia.com/advisories/18078 •