CVSS: 9.1EPSS: 1%CPEs: 5EXPL: 0CVE-2005-4343
https://notcve.org/view.php?id=CVE-2005-4343
17 Dec 2005 — Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection Vulnerability". Adobe (antes Macromedia) ColdFusion MX 6.0, 6.1, 6.1 con JRun, y 7.0 permiten a atacantes remotos adjuntar ficheros de su elección y enviar correo mediante un un campo "Subject" artesanal, que no es manejado adecuadamente... • http://secunia.com/advisories/18078 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2005-2306
https://notcve.org/view.php?id=CVE-2005-2306
19 Jul 2005 — Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users. "Race condition" en Macromedia JRun 4.0, ColdFusion MX 6.1 y 7.0 cuando están bajo carga pesada, provocan que JRun asigne una autentifcación duplicada a sesiones múltiples, lo que podría permitir que usuarios autentificados obtengan privilegios como otros usuarios. • http://secunia.com/advisories/16081 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1555
https://notcve.org/view.php?id=CVE-2005-1555
10 May 2005 — Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page. • http://marc.info/?l=bugtraq&m=111575500403231&w=2 •
CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 0CVE-2004-1816
https://notcve.org/view.php?id=CVE-2004-1816
15 Mar 2004 — Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption). • http://marc.info/?l=bugtraq&m=107936690702515&w=2 •
CVSS: 7.5EPSS: 8%CPEs: 12EXPL: 0CVE-2004-1815
https://notcve.org/view.php?id=CVE-2004-1815
15 Mar 2004 — Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption). • http://marc.info/?l=bugtraq&m=107936690702515&w=2 •