CVE-2007-5905
https://notcve.org/view.php?id=CVE-2007-5905
Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability. Adobe ColdFusion 8 y MX 7 permiten a atacantes remotos secuestrar sesiones mediante vectores no especificados que provocan el establecimiento de una sesión con una aplicación ColdFusion el la cual las cookies (1) CFID o (2) CFTOKEN tiene valores vacíos, posiblemente debido a una vulnerabilidad de fijación de sesión. • http://osvdb.org/41478 http://secunia.com/advisories/27644 http://securitytracker.com/id?1018944 http://www.adobe.com/go/kb402805 http://www.adobe.com/support/security/bulletins/apsb07-19.html http://www.securityfocus.com/bid/26429 http://www.vupen.com/english/advisories/2007/3859 https://exchange.xforce.ibmcloud.com/vulnerabilities/38446 • CWE-255: Credentials Management Errors •
CVE-2007-0817 – Adobe ColdFusion 6/7 - User_Agent Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-0817
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Adobe ColdFusion web server permite a atacantes remotos inyectar scripts web o HTML de su elección mediante la cabecera HTTP User-Agent, que no se ha saneado previamente a ser mostrada en una página de error. • https://www.exploit-db.com/exploits/29567 http://osvdb.org/32120 http://secunia.com/advisories/24115 http://www.adobe.com/support/security/bulletins/apsb07-04.html http://www.securityfocus.com/archive/1/459178/100/0/threaded http://www.securityfocus.com/bid/22401 http://www.securitytracker.com/id?1017645 http://www.vupen.com/english/advisories/2007/0593 •
CVE-2006-5858
https://notcve.org/view.php?id=CVE-2006-5858
Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file. Adobe ColdFusion MX 7 hasta 7.0.2, y JRun 4, cuando se ejecuta en Microsoft IIS, permite a atacantes remotos leer archivos de su elección, listar directorios, o leer código fuente mediante un byte nulo (NULL) con doble codificación URL en un nombre de archivo ColdFusion, por ejemplo un archivo CFM. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=466 http://osvdb.org/32123 http://secunia.com/advisories/23668 http://securitytracker.com/id?1017490 http://www.adobe.com/support/security/bulletins/apsb07-02.html http://www.securityfocus.com/archive/1/457799/100/0/threaded http://www.securityfocus.com/bid/21978 http://www.vupen.com/english/advisories/2007/0116 https://exchange.xforce.ibmcloud.com/vulnerabilities/31411 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2006-3978
https://notcve.org/view.php?id=CVE-2006-3978
Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products, allows local users to execute arbitrary code via unknown attack vectors. Vulnerabilidad no especificada en una librería Verity de terceros, como la usada en Adobe ColdFusion MX 7 hasta MX 7.0.2 y posiblemente otros productos, permite a usuarios locales ejecutar código de su elección mediante vectores no especificados. • http://secunia.com/advisories/22312 http://securitytracker.com/id?1017040 http://www.adobe.com/support/security/bulletins/apsb06-17.html http://www.securityfocus.com/bid/20431 http://www.vupen.com/english/advisories/2006/4003 https://exchange.xforce.ibmcloud.com/vulnerabilities/29475 •
CVE-2006-3979
https://notcve.org/view.php?id=CVE-2006-3979
The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator. La AdminAPI de ColdFusion MX 7 permite a atacantes remotos evitar autenticación usando "acceso programático" a la adminAPI en vez del Administrador ColdFusion. • http://secunia.com/advisories/21421 http://securitytracker.com/id?1016660 http://www.adobe.com/support/security/bulletins/apsb06-10.html http://www.securityfocus.com/bid/19426 http://www.vupen.com/english/advisories/2006/3224 https://exchange.xforce.ibmcloud.com/vulnerabilities/28294 •