CVE-2009-1872 – Adobe ColdFusion Server 8.0.1 - '/wizards/common/_logintowizard.cfm' Query String Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1872
Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Adobe ColdFusion Server 8.0.1 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro (1) startRow para administrator/logviewer/searchlog.cfm o (2) mediante la cadena de petición para wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm o (4) administrator/enter.cfm. Adobe Coldfusion 8 suffers from cross site scripting and cross site request forgery vulnerabilities. • https://www.exploit-db.com/exploits/33169 https://www.exploit-db.com/exploits/33170 https://www.exploit-db.com/exploits/33167 https://www.exploit-db.com/exploits/33168 http://osvdb.org/57182 http://osvdb.org/57183 http://osvdb.org/57184 http://osvdb.org/57185 http://www.adobe.com/support/security/bulletins/apsb09-12.html http://www.dsecrg.com/pages/vul/show.php?id=122 http://www.securityfocus.com/archive/1/505803/100/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2006-2364
https://notcve.org/view.php?id=CVE-2006-2364
Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message. • http://securityreason.com/securityalert/894 http://www.securityfocus.com/archive/1/433819 http://www.securityfocus.com/bid/17938 https://exchange.xforce.ibmcloud.com/vulnerabilities/26508 •
CVE-2004-2505 – Macromedia ColdFusion MX 6.0 - Oversized Error Message Denial of Service
https://notcve.org/view.php?id=CVE-2004-2505
Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data. • https://www.exploit-db.com/exploits/24013 http://archives.neohapsis.com/archives/bugtraq/2004-04/0184.html http://www.securityfocus.com/bid/10163 https://exchange.xforce.ibmcloud.com/vulnerabilities/15895 •
CVE-2001-1514
https://notcve.org/view.php?id=CVE-2001-1514
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account. • http://www.macromedia.com/v1/Handlers/index.cfm?ID=22263 •