Page 2 of 9 results (0.010 seconds)

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0

The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule. • http://www.allaire.com/handlers/index.cfm?ID=15411&Method=Full http://www.securityfocus.com/bid/1181 •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs. • http://www.allaire.com/handlers/index.cfm?ID=13976&Method=Full http://www.securityfocus.com/bid/915 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL. • http://www.allaire.com/handlers/index.cfm?ID=13977&Method=Full http://www.securityfocus.com/bid/916 •

CVSS: 7.5EPSS: 8%CPEs: 1EXPL: 0

The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authentication via the bAuthenticated parameter. • http://www.securityfocus.com/bid/955 https://exchange.xforce.ibmcloud.com/vulnerabilities/4025 •