EUVD-2015-5243

Malware in sbrugna...

The vulnerability of the BlazeDS component of the ColdFusion software platform allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the BlazeDS component of the ColdFusion software platform relates to the disclosure of information. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

The vulnerability of the ColdFusion interpreter allows attackers to redirect HTTP traffic to internal servers.

The vulnerability of the Adobe BlazeDS interpreter, ColdFusion, exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to redirect HTTP traffic to internal servers using a specially crafted XML document related to a forged SSRF request...

CVE-2009-3960

Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are...