Page 8 of 43 results (0.010 seconds)

CVSS: 5.0EPSS: 20%CPEs: 20EXPL: 0

Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain sensitive information via unspecified vectors, related to a "double-encoded null character vulnerability." Adobe ColdFusion v8.0.1 y anteriores podrían permitir a atacantes obtener información sensible a través de vectores no especificado, esto es relativo a la "vulenrabilidad del caracter NU¨LL doblemente codificado". • http://osvdb.org/57189 http://www.adobe.com/support/security/bulletins/apsb09-12.html •

CVSS: 4.3EPSS: 32%CPEs: 21EXPL: 5

Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Adobe ColdFusion Server 8.0.1 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro (1) startRow para administrator/logviewer/searchlog.cfm o (2) mediante la cadena de petición para wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm o (4) administrator/enter.cfm. Adobe Coldfusion 8 suffers from cross site scripting and cross site request forgery vulnerabilities. • https://www.exploit-db.com/exploits/33169 https://www.exploit-db.com/exploits/33170 https://www.exploit-db.com/exploits/33167 https://www.exploit-db.com/exploits/33168 http://osvdb.org/57182 http://osvdb.org/57183 http://osvdb.org/57184 http://osvdb.org/57185 http://www.adobe.com/support/security/bulletins/apsb09-12.html http://www.dsecrg.com/pages/vul/show.php?id=122 http://www.securityfocus.com/archive/1/505803/100/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusion MX 7.0.2 allows local users to bypass sandbox restrictions, and obtain sensitive information or possibly gain privileges, via unknown vectors. Vulnerabilidad no especificada en Adobe ColdFusion v8 y v8.0.1 y ColdFusion MX v7.0.2; permite a usuarios locales evitar las restricciones de la caja de arena (sandbox) y obtener información sensible o posiblemente ganar privilegios a través de vectores desconocidos. • http://osvdb.org/49709 http://secunia.com/advisories/32567 http://www.adobe.com/support/security/bulletins/apsb08-21.html http://www.securityfocus.com/bid/32130 http://www.securitytracker.com/id?1021145 http://www.vupen.com/english/advisories/2008/3032 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Adobe ColdFusion MX 7 y ColdFusion 8 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados. • http://secunia.com/advisories/29332 http://www.adobe.com/support/security/bulletins/apsb08-06.html http://www.securityfocus.com/bid/28205 http://www.securitytracker.com/id?1019589 http://www.vupen.com/english/advisories/2008/0862/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41144 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 0

Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function. Adobe ColdFusion MX 7 y ColdFusion 8 permiten a atacantes remotos eludir el mecanismo de protección para aplicaciones contra secuencias de comandos en sitios cruzados (XSS) mediante vectores de ataque desconocidos relativos a la función setEncoding. • http://secunia.com/advisories/29332 http://www.adobe.com/support/security/bulletins/apsb08-07.html http://www.securityfocus.com/bid/28205 http://www.securitytracker.com/id?1019590 http://www.vupen.com/english/advisories/2008/0862/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41145 •