CVE-2011-0734
https://notcve.org/view.php?id=CVE-2011-0734
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event handler for a BODY element, related to a "tag body" attack. NOTE: this was originally reported as affecting 9.0.1 CHF1 and earlier. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Adobe ColdFusion v9.0.1 CHF1 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un parámetro id que contiene un controlador de evento onLoad de JavaScript para un elemento BODY, relacionado con un ataque de "etiqueta body". • http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html http://kb2.adobe.com/cps/890/cpsid_89094.html http://osvdb.org/70778 http://securitytracker.com/id?1025012 http://websecurity.com.ua/4879 http://www.adobe.com/support/security/bulletins/apsb11-04.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-0735
https://notcve.org/view.php?id=CVE-2011-0735
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via vectors involving a "tag script." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Adobe ColdFusion before v9.0.1 CHF1 permite a atacantes remotos ejecutar código web o HTML de su elección a través de vectores relacionados con una "secuencia de comandos de etiquetas" • http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html http://kb2.adobe.com/cps/890/cpsid_89094.html http://osvdb.org/70779 http://websecurity.com.ua/4879 http://www.adobe.com/support/security/bulletins/apsb11-04.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-2861 – Adobe ColdFusion Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2010-2861
Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/. Múltiples vulnerabilidades de salto de directorio en la consola del administrador en ColdFusion de Adobe versión 9.0.1 y anteriores, permiten a los atacantes remotos leer archivos arbitrarios por medio del parámetro locale en los archivos (1) CFIDE/administrador/configuración/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm y (5) enter.cfm en CFIDE/administrador/. A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files. • https://www.exploit-db.com/exploits/16985 https://www.exploit-db.com/exploits/14641 http://securityreason.com/securityalert/8137 http://securityreason.com/securityalert/8148 http://www.adobe.com/support/security/bulletins/apsb10-18.html http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861 http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2010-1294
https://notcve.org/view.php?id=CVE-2010-1294
Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows local users to obtain sensitive information via unknown vectors. Vulnerabilidad no especificada en Adobe ColdFusion 8.0, 8.0.1 y 9.0 permite a usuarios locales obtener información sensible mediante vectores desconocidos. • http://secunia.com/advisories/39790 http://www.adobe.com/support/security/bulletins/apsb10-11.html http://www.vupen.com/english/advisories/2010/1127 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2009-3467
https://notcve.org/view.php?id=CVE-2009-3467
Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en un método no especificado en Adobe ColdFusion 8.0, 8.0.1 y 9.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores desconocidos. • http://secunia.com/advisories/39790 http://www.adobe.com/support/security/bulletins/apsb10-11.html http://www.vupen.com/english/advisories/2010/1127 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •