Page 34 of 173 results (0.006 seconds)

CVSS: 2.6EPSS: 1%CPEs: 1EXPL: 0

The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows remote attackers to cause a denial of service (disk consumption) by repeatedly uploading files and interrupting the uploads before they finish. • http://marc.info/?l=bugtraq&m=108213782629001&w=2 http://secunia.com/advisories/11392 http://securitytracker.com/id?1009825 http://www.macromedia.com/devnet/security/security_zone/mpsb04-06.html http://www.osvdb.org/5402 http://www.securityfocus.com/bid/10158 https://exchange.xforce.ibmcloud.com/vulnerabilities/15882 •

CVSS: 5.0EPSS: 28%CPEs: 12EXPL: 0

Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption). • http://marc.info/?l=bugtraq&m=107936690702515&w=2 http://secunia.com/advisories/11132 http://www.macromedia.com/devnet/security/security_zone/mpsb04-04.html http://www.securityfocus.com/bid/9877 https://exchange.xforce.ibmcloud.com/vulnerabilities/15473 •

CVSS: 5.0EPSS: 1%CPEs: 12EXPL: 0

Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption). • http://marc.info/?l=bugtraq&m=107936690702515&w=2 http://secunia.com/advisories/11130 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57517-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201713-1 http://www.securityfocus.com/bid/9877 https://exchange.xforce.ibmcloud.com/vulnerabilities/15473 •

CVSS: 5.0EPSS: 2%CPEs: 7EXPL: 2

The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message. • https://www.exploit-db.com/exploits/22544 http://securityreason.com/securityalert/3307 http://www.nii.co.in/vuln/pdmac.html http://www.securityfocus.com/archive/1/319867 http://www.securityfocus.com/bid/7443 https://exchange.xforce.ibmcloud.com/vulnerabilities/11879 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 1

Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message. • https://www.exploit-db.com/exploits/21548 http://online.securityfocus.com/archive/1/277487 http://www.macromedia.com/v1/Handlers/index.cfm?ID=23047 http://www.securityfocus.com/bid/5011 https://exchange.xforce.ibmcloud.com/vulnerabilities/9360 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •