Page 23 of 149 results (0.010 seconds)

CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 0

Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function. Adobe ColdFusion MX 7 y ColdFusion 8 permiten a atacantes remotos eludir el mecanismo de protección para aplicaciones contra secuencias de comandos en sitios cruzados (XSS) mediante vectores de ataque desconocidos relativos a la función setEncoding. • http://secunia.com/advisories/29332 http://www.adobe.com/support/security/bulletins/apsb08-07.html http://www.securityfocus.com/bid/28205 http://www.securitytracker.com/id?1019590 http://www.vupen.com/english/advisories/2008/0862/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41145 •

CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0

The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection. El interfaz de administración para Adobe ColdFusion 8 y ColdFusion MX7 no registra los intentos de conexión fallidos, lo que provoca que que ataques de fuerza bruta de atacantes remotos no sean detectados. • http://secunia.com/advisories/29332 http://www.adobe.com/support/security/bulletins/apsb08-08.html http://www.securityfocus.com/bid/28207 http://www.securitytracker.com/id?1019600 http://www.vupen.com/english/advisories/2008/0862/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41150 •

CVSS: 6.8EPSS: 4%CPEs: 2EXPL: 0

Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability. Adobe ColdFusion 8 y MX 7 permiten a atacantes remotos secuestrar sesiones mediante vectores no especificados que provocan el establecimiento de una sesión con una aplicación ColdFusion el la cual las cookies (1) CFID o (2) CFTOKEN tiene valores vacíos, posiblemente debido a una vulnerabilidad de fijación de sesión. • http://osvdb.org/41478 http://secunia.com/advisories/27644 http://securitytracker.com/id?1018944 http://www.adobe.com/go/kb402805 http://www.adobe.com/support/security/bulletins/apsb07-19.html http://www.securityfocus.com/bid/26429 http://www.vupen.com/english/advisories/2007/3859 https://exchange.xforce.ibmcloud.com/vulnerabilities/38446 • CWE-255: Credentials Management Errors •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/. Adobe ColdFusion MX 7 para Linux y Solaris utiliza permisos inseguros para ciertas secuencias de comandos y directorios, lo cual permite a usuarios locales ejecutar código de su elección u obtener información sensible mediante los ficheros (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, o (9) k2adminstart; o (10) ciertos ficheros en lib/wsconfig/. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=510 http://osvdb.org/34930 http://secunia.com/advisories/24850 http://www.adobe.com/support/security/bulletins/apsb07-08.html http://www.securityfocus.com/bid/23405 http://www.securitytracker.com/id?1017899 http://www.vupen.com/english/advisories/2007/1341 https://exchange.xforce.ibmcloud.com/vulnerabilities/33571 •

CVSS: 4.3EPSS: 4%CPEs: 4EXPL: 0

Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root. Vulnerabilidad no especificada en el conector IIS en Adobe JRun 4.0 Updater 6, y ColdFusion MX 6.1 y 7.0 Enterprise, cuando se utiliza Microsoft IIS 6, permite a atacantes remotos provocar denegación de servicio a través de vectores no especificados, afectando a la respuesta de un archivo en la raiz web JRun. • http://osvdb.org/34039 http://secunia.com/advisories/24488 http://www.adobe.com/support/security/bulletins/apsb07-07.html http://www.securityfocus.com/bid/22958 http://www.securitytracker.com/id?1017752 http://www.vupen.com/english/advisories/2007/0932 https://exchange.xforce.ibmcloud.com/vulnerabilities/32994 •