63 matches found
EUVD-2002-1971
Malware in sbrugna...
EUVD-2004-0407
Malware in sbrugna...
EUVD-2005-1558
Malware in sbrugna...
EUVD-2005-2307
Malware in sbrugna...
EUVD-2006-3972
Malware in sbrugna...
CVE-2002-1992
Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via 1 a long template file name or 2 a long HTTP header...
SUSE CVE-2002-1700
Cross-site scripting vulnerability XSS in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message...
ColdFusion MX Missing Template Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5011/info ColdFusion MX is prone to cross site scripting attacks. Attacker-supplied script code may be included in a malicious missing template URI generated by the default Missing Template handler of ColdFusion. The...
Macromedia ColdFusion MX 6.1 Template Handling Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11316/info Reportedly Macromedia ColdFusion MX is affected by privilege escalation vulnerability when handling templates. This issue is due to an access validation error that allows a user to perform actions with...
Macromedia ColdFusion MX 6.0 SQL Error Message Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8840/info It has been reported that Macromedia ColdFusion MX may be prone to a cross-site scripting vulnerability due to improper handling of error messages generated by the underlying database. This problem may be...
Macromedia ColdFusion MX 6.0 Error Message Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7443/info A vulnerability has been reported for Macromedia ColdFusion MX that may reveal the physical path information to attackers. When certain malformed URL requests are received by the server, an error message is...
CVE-2007-1874
Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the 1 CFMX7DreamWeaverExtensions.mxp, 2 CFReportBuilderInstaller.exe, 3 .com.zerog.registry.xml, 4...
CVE-2007-1874
CVE-2007-1874 affects Adobe ColdFusion MX 7 for Linux and Solaris. The vulnerability stems from insecure permissions on specific scripts and directories (including CFMX7DreamWeaverExtensions.mxp, CFReportBuilderInstaller.exe, .com.zerog.registry.xml, uninstall.lax, license.txt, Readme.htm, k2admi...
Design/Logic Flaw
Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root...
JVN#28356427 ColdFusion cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct a session hijacking. Solution Products Affected ColdFusion MX 7.X For more information, refer to the vendor's website...
ColdFusion MX Remote Development Service Exploit
No description provided by source. !/usr/bin/perl RDScDump.pl By angry packet THIS IS AN UNPATCHED VULNERABILITY - THIS IS AN UNPATCHED VULNERABILITY ColdFusion 6 MX Server does several things in order to get remote dir structure so we will need to recreate these functions. This is a "almost"...
CVE-2006-3978
The CVE-2006-3978 entry covers an unspecified vulnerability in a Verity third‑party library used by Adobe ColdFusion MX 7 through MX 7.0.2 (and possibly other products). The vulnerability is described as allowing local users to execute arbitrary code via unknown attack vectors, i.e., a local priv...
CVE-2006-4725
Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components CFC within a sandbox from CFML templates that are located outside of the sandbox...
CVE-2006-3979
The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator...
Macromedia ColdFusion MX application server crossite scripting
Crossite scripting with error pages...