CVE-2009-1872 – Adobe ColdFusion Server 8.0.1 - '/wizards/common/_logintowizard.cfm' Query String Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1872
Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Adobe ColdFusion Server 8.0.1 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro (1) startRow para administrator/logviewer/searchlog.cfm o (2) mediante la cadena de petición para wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm o (4) administrator/enter.cfm. Adobe Coldfusion 8 suffers from cross site scripting and cross site request forgery vulnerabilities. • https://www.exploit-db.com/exploits/33169 https://www.exploit-db.com/exploits/33170 https://www.exploit-db.com/exploits/33167 https://www.exploit-db.com/exploits/33168 http://osvdb.org/57182 http://osvdb.org/57183 http://osvdb.org/57184 http://osvdb.org/57185 http://www.adobe.com/support/security/bulletins/apsb09-12.html http://www.dsecrg.com/pages/vul/show.php?id=122 http://www.securityfocus.com/archive/1/505803/100/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-1278
https://notcve.org/view.php?id=CVE-2007-1278
Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root. Vulnerabilidad no especificada en el conector IIS en Adobe JRun 4.0 Updater 6, y ColdFusion MX 6.1 y 7.0 Enterprise, cuando se utiliza Microsoft IIS 6, permite a atacantes remotos provocar denegación de servicio a través de vectores no especificados, afectando a la respuesta de un archivo en la raiz web JRun. • http://osvdb.org/34039 http://secunia.com/advisories/24488 http://www.adobe.com/support/security/bulletins/apsb07-07.html http://www.securityfocus.com/bid/22958 http://www.securitytracker.com/id?1017752 http://www.vupen.com/english/advisories/2007/0932 https://exchange.xforce.ibmcloud.com/vulnerabilities/32994 •
CVE-2005-4342
https://notcve.org/view.php?id=CVE-2005-4342
ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability." ColdFusion Sandbox en Adobe (antes Macromedia) ColdFusion MX 6.0, 6.1, 6.1 con JRun, y 7.0, no lanza una excepción si el SecurityManager está inhabilitado, lo que podría permitir a atacantes remotos "evitar controles de seguridad", tcc "Vulnerabilidad de Seguridad de Caja de Arena de JRun Agrupado" • http://secunia.com/advisories/18078 http://securitytracker.com/id?1015369 http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html http://www.securityfocus.com/bid/15904 http://www.vupen.com/english/advisories/2005/2948 •
CVE-2005-4343
https://notcve.org/view.php?id=CVE-2005-4343
Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection Vulnerability". Adobe (antes Macromedia) ColdFusion MX 6.0, 6.1, 6.1 con JRun, y 7.0 permiten a atacantes remotos adjuntar ficheros de su elección y enviar correo mediante un un campo "Subject" artesanal, que no es manejado adecuadamente por la etiqueta CFMAIL en aplicaciones que usan ColdFurion, tcc "Vulnerabilidad de inyección CFMAIL". • http://secunia.com/advisories/18078 http://securitytracker.com/id?1015369 http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html http://www.securityfocus.com/bid/15904 http://www.vupen.com/english/advisories/2005/2948 •
CVE-2004-2505 – Macromedia ColdFusion MX 6.0 - Oversized Error Message Denial of Service
https://notcve.org/view.php?id=CVE-2004-2505
Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data. • https://www.exploit-db.com/exploits/24013 http://archives.neohapsis.com/archives/bugtraq/2004-04/0184.html http://www.securityfocus.com/bid/10163 https://exchange.xforce.ibmcloud.com/vulnerabilities/15895 •