33 matches found
EUVD-2004-2196
Malware in sbrugna...
Macromedia ColdFusion MX 6.0 SQL Error Message Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8840/info It has been reported that Macromedia ColdFusion MX may be prone to a cross-site scripting vulnerability due to improper handling of error messages generated by the underlying database. This problem may be...
Macromedia ColdFusion MX 6.1 Template Handling Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11316/info Reportedly Macromedia ColdFusion MX is affected by a privilege escalation vulnerability when handling templates. This issue is due to an access validation error that allows a user to perform actions with...
Macromedia ColdFusion MX 6.0 Oversized Error Message Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10163/info A denial of service vulnerability has been reported in Macromedia ColdFusion MX that is reported to occur when the software attempts to write oversized error messages. These error messages will be logged by the...
Adobe ColdFusion Detection
Adobe ColdFusion (formerly Macromedia ColdFusion), a rapid application development platform, is running on the remote web server. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(42339); script_version("1.16"); script_set_attribute(attribute:"plugin_modification_date",...
iDefense Security Advisory 01.09.07: Adobe Macromedia ColdFusion Source Code Disclosure Vulnerability
Adobe Macromedia ColdFusion Source Code Disclosure Vulnerability iDefense Security Advisory 01.09.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 09, 2007 I. BACKGROUND Adobe Macromedia ColdFusion is an application server and development framework for websites. More information is...
Multiple Macromedia ColdFusion security vulnerabilities
DoS, cross-site scripting, sandbox escaping...
Macromedia ColdFusion authentication bypass
Some AdminAPI API functionality is available without authentication...
CVE-2006-2364
Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an...
CVE-2006-2364
Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an...
Macromedia ColdFusion MX application server cross-site scripting
Cross-site scripting with error pages...
FarCry XSS vuln.
FarCry XSS vuln. Vuln. discovered by: r0t Date: 17 Dec. 2005 Original advisory: http://pridels.blogspot.com/2005/12/farcry-xss-vuln.html Vendor: http://farcry.daemon.com.au/ Affected version: 3.0 and prior Product Description: FarCry is an open source Content Management System (CMS), originally...
Macromedia ColdFusion MX Path Disclosure Vulnerability
A vulnerability has been reported for Macromedia ColdFusion MX that may reveal the physical path information to attackers. When certain malformed URL requests (port 8500) are received by the server, an error message is returned containing the full path of the ColdFusion installation. OpenVAS...
CVE-2002-1700
CVE-2002-1700 describes a cross-site scripting (XSS) flaw in the missing template handler of Macromedia ColdFusion MX. The vulnerability arises because the HTTP request parameter for the template name is not filtered, allowing an attacker to inject script that is echoed in a 404 error message and...
CVE-2002-1700
Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message...
[SA15050] Macromedia ColdFusion Error Page Cross-Site Scripting
TITLE: Macromedia ColdFusion Error Page Cross-Site Scripting...
CVE-2004-0928
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm"...
Macromedia ColdFusion MX application server information leak
Compiled Java pages are stored in the Web accessible directory...
CVE-2004-2204
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT...