Page 27 of 173 results (0.008 seconds)

CVSS: 4.3EPSS: 32%CPEs: 21EXPL: 5

Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Adobe ColdFusion Server 8.0.1 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro (1) startRow para administrator/logviewer/searchlog.cfm o (2) mediante la cadena de petición para wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm o (4) administrator/enter.cfm. Adobe Coldfusion 8 suffers from cross site scripting and cross site request forgery vulnerabilities. • https://www.exploit-db.com/exploits/33169 https://www.exploit-db.com/exploits/33170 https://www.exploit-db.com/exploits/33167 https://www.exploit-db.com/exploits/33168 http://osvdb.org/57182 http://osvdb.org/57183 http://osvdb.org/57184 http://osvdb.org/57185 http://www.adobe.com/support/security/bulletins/apsb09-12.html http://www.dsecrg.com/pages/vul/show.php?id=122 http://www.securityfocus.com/archive/1/505803/100/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusion MX 7.0.2 allows local users to bypass sandbox restrictions, and obtain sensitive information or possibly gain privileges, via unknown vectors. Vulnerabilidad no especificada en Adobe ColdFusion v8 y v8.0.1 y ColdFusion MX v7.0.2; permite a usuarios locales evitar las restricciones de la caja de arena (sandbox) y obtener información sensible o posiblemente ganar privilegios a través de vectores desconocidos. • http://osvdb.org/49709 http://secunia.com/advisories/32567 http://www.adobe.com/support/security/bulletins/apsb08-21.html http://www.securityfocus.com/bid/32130 http://www.securitytracker.com/id?1021145 http://www.vupen.com/english/advisories/2008/3032 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0

Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725. Adobe ColdFusion 8 and 8.0.1 no implementa adecuadamente el nivel de acceso público para los métodos CFC, lo cual permite a atacantes remotos invocar esos métodos a través de Flex 2 remotos, una vulnerabilidad distinta a CVE-2006-4725. • http://secunia.com/advisories/29748 http://securitytracker.com/id?1019806 http://www.adobe.com/support/security/bulletins/apsb08-12.html http://www.osvdb.org/44280 http://www.securityfocus.com/bid/28698 http://www.vupen.com/english/advisories/2008/1157 https://exchange.xforce.ibmcloud.com/vulnerabilities/41720 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Adobe ColdFusion MX 7 y ColdFusion 8 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados. • http://secunia.com/advisories/29332 http://www.adobe.com/support/security/bulletins/apsb08-06.html http://www.securityfocus.com/bid/28205 http://www.securitytracker.com/id?1019589 http://www.vupen.com/english/advisories/2008/0862/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41144 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 0

Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function. Adobe ColdFusion MX 7 y ColdFusion 8 permiten a atacantes remotos eludir el mecanismo de protección para aplicaciones contra secuencias de comandos en sitios cruzados (XSS) mediante vectores de ataque desconocidos relativos a la función setEncoding. • http://secunia.com/advisories/29332 http://www.adobe.com/support/security/bulletins/apsb08-07.html http://www.securityfocus.com/bid/28205 http://www.securitytracker.com/id?1019590 http://www.vupen.com/english/advisories/2008/0862/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41145 •