CVSS: 4.3EPSS: 32%CPEs: 21EXPL: 5CVE-2009-1872 – Adobe ColdFusion Server 8.0.1 - '/wizards/common/_logintowizard.cfm' Query String Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1872
Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Adobe ColdFusion Server 8.0.1 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro (1) startRow para administrator/logviewer/searchlog.cfm o (2) mediante la cadena de petición para wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm o (4) administrator/enter.cfm. Adobe Coldfusion 8 suffers from cross site scripting and cross site request forgery vulnerabilities. • https://www.exploit-db.com/exploits/33169 https://www.exploit-db.com/exploits/33170 https://www.exploit-db.com/exploits/33167 https://www.exploit-db.com/exploits/33168 http://osvdb.org/57182 http://osvdb.org/57183 http://osvdb.org/57184 http://osvdb.org/57185 http://www.adobe.com/support/security/bulletins/apsb09-12.html http://www.dsecrg.com/pages/vul/show.php?id=122 http://www.securityfocus.com/archive/1/505803/100/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2001-1514
https://notcve.org/view.php?id=CVE-2001-1514
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account. • http://www.macromedia.com/v1/Handlers/index.cfm?ID=22263 •
CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 0CVE-2001-1427
https://notcve.org/view.php?id=CVE-2001-1427
Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors. • http://www.kb.cert.org/vuls/id/321475 http://www.macromedia.com/devnet/security/security_zone/mpsb01-07.html http://www.securityfocus.com/bid/3023 https://exchange.xforce.ibmcloud.com/vulnerabilities/6840 •