Page 32 of 173 results (0.011 seconds)

CVSS: 3.7EPSS: 0%CPEs: 3EXPL: 0

Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users. "Race condition" en Macromedia JRun 4.0, ColdFusion MX 6.1 y 7.0 cuando están bajo carga pesada, provocan que JRun asigne una autentifcación duplicada a sesiones múltiples, lo que podría permitir que usuarios autentificados obtengan privilegios como otros usuarios. • http://secunia.com/advisories/16081 http://securitytracker.com/id?1014489 http://www.macromedia.com/devnet/security/security_zone/mpsb05-05.html •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page. • http://marc.info/?l=bugtraq&m=111575500403231&w=2 http://www.macromedia.com/devnet/security/security_zone/mpsb05-03.html https://exchange.xforce.ibmcloud.com/vulnerabilities/20550 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information. • http://marc.info/?l=bugtraq&m=111290407411801&w=2 http://www.macromedia.com/devnet/security/security_zone/mpsb05-02.html •

CVSS: 5.0EPSS: 2%CPEs: 2EXPL: 2

Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data. • https://www.exploit-db.com/exploits/24013 http://archives.neohapsis.com/archives/bugtraq/2004-04/0184.html http://www.securityfocus.com/bid/10163 https://exchange.xforce.ibmcloud.com/vulnerabilities/15895 •

CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0

ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields. • http://secunia.com/advisories/10743 http://www.macromedia.com/devnet/security/security_zone/mpsb04-02.html http://www.securityfocus.com/bid/9522 https://exchange.xforce.ibmcloud.com/vulnerabilities/14983 •