EUVD-2004-0407

Malware in sbrugna...

CVE-2004-2330

Technical details about CVE-2004-2330 are not publicly provided in the supplied documents; no specific vulnerable components, versions beyond ColdFusion MX 6.1/6.1 J2EE are described here. Monitor for updates.

CVE-2004-2331

Summary of CVE-2004-2331 (ColdFusion MX 6.1 / 6.1 J2EE): Local users could bypass sandbox security and access sensitive information by using Java reflection to reach trusted Java objects without invoking CreateObject or the cfobject tag. The issue affects ColdFusion MX 6.1 and ColdFusion MX 6.1 J...

CVE-2004-0928

The CVE-2004-0928 family affects Adobe JRun 4.x servers (and ColdFusion MX 6.0/6.1/J2EE) when running with IIS, where a crafted request ending in ";.cfm" can bypass authentication and disclose script/source content (e.g., .asp, .pl, .php). Connected advisories describe URL handling flaws that tri...

coldfusionmx61.txt

Software: Macromedia ColdFusion MX 6.1 Description: There is a vulnerability in the ColdFusion MX 6.1 product. To exploit this, a user needs access to create a cold fusion template on a ColdFusion server with CreateObject or cfobject tags enabled. The code given below writes a java class to the...

CFMX vulnerability

Software: Macromedia ColdFusion MX 6.1 Description: There is a vulnerability in the ColdFusion MX 6.1 product. To exploit this, a user needs access to create a cold fusion template on a ColdFusion server with CreateObject or cfobject tags enabled. The code given below writes a java class to the...