10 matches found
EUVD-2006-3972
Malware in sbrugna...
CVE-2008-0644
Adobe ColdFusion MX 7.x (7.00, 7.01, 7.02) and ColdFusion 8 are affected by a cross‑site scripting bypass via the setEncoding function. The Seebug entry confirms remote attackers can trigger XSS through inadequate handling of CGI variables and setEncoding, with the impact being bypassed XSS prote...
CVE-2007-1874
CVE-2007-1874 affects Adobe ColdFusion MX 7 for Linux and Solaris. The vulnerability stems from insecure permissions on specific scripts and directories (including CFMX7DreamWeaverExtensions.mxp, CFReportBuilderInstaller.exe, .com.zerog.registry.xml, uninstall.lax, license.txt, Readme.htm, k2admi...
JVN#28356427 ColdFusion cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct a session hijacking. Solution Products Affected ColdFusion MX 7.X For more information, refer to the vendor's website...
CVE-2006-3978
The CVE-2006-3978 entry covers an unspecified vulnerability in a Verity third‑party library used by Adobe ColdFusion MX 7 through MX 7.0.2 (and possibly other products). The vulnerability is described as allowing local users to execute arbitrary code via unknown attack vectors, i.e., a local priv...
CVE-2006-4725
Adobe ColdFusion MX 7 and 7.01 are affected by an issue that allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates located outside the sandbox. Affected product: ColdFusion MX 7/7.01. Underlying cause: sandbox bypass enabling access to C...
CVE-2006-3979
The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator...
CVE-2006-3979
The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator...
CVE-2006-3979
CVE-2006-3979 affects ColdFusion MX 7 AdminAPI, where attackers can bypass authentication by using programmatic access to the adminAPI instead of the ColdFusion Administrator. The NVD entry assigns a CVSSv2 base score of 7.2 (HIGH) with local attack vector, low attack complexity, no authenticatio...
New Macromedia Security Zone Bulletin Posted
IMPORTANT: A new security bulletin describes a configuration problem that may affect ColdFusion installations. To learn about this new issue and what actions you can take to address it, please visit the Macromedia Security Zone: http://www.macromedia.com/go/mpsb05-03 MPSB05-03 ColdFusion MX 7...