10 matches found
EUVD-2006-6465
Malware in sbrugna...
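ColdFusion MX7 Information Disclosure and Cross-Site Scripting Vulnerabilities
Macromedia ColdFusion MX is a powerful commercial web application server. ColdFusion has multiple security vulnerabilities in the way it handles user requests, which remote attackers can exploit to obtain sensitive information. When a remote attacker submits an invalid request to ColdFusion ending in one of the following formats, the server path is leaked in the returned result: /.jws /.cfm /.cfml /.cfc If the /CFIDE/administrator/login.cfm page is requested directly without supplying a host, the server's internal IP address can be obtained from an href tag. In addition, submitting a malicious URL request allows cross-site scripting attacks. Adobe ColdFusion MX 7.00...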
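ColdFusion MX7 Multiple Information Disclosure and Cross-Site Scripting Vulnerabilities
ColdFusion MX is an efficient web application server development environment with high ease of use and development efficiency; it is based on standard Java technology and can integrate with XML, Web Services, and Microsoft .NET environments. ColdFusion has multiple security vulnerabilities in the way it handles user requests, which remote attackers may exploit to obtain sensitive information about the server. If a remote attacker is able to submit an invalid request to ColdFusion ending in one of the following formats, the server path is leaked in the returned result: /.jws /.cfm /.cfml /.cfc...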
CVE-2006-6482
Adobe ColdFusion MX7 allows remote attackers to obtain sensitive information via a URL request (1) for a non-existent (a) JWS, (b) CFM, (c) CFML, or (d) CFC file, which displays the installation path in the resulting error message; or (2) to /CFIDE/administrator/login.cfm without a host, which can reveal the...
CVE-2006-6482
CVE-2006-6482 affects Adobe ColdFusion MX7. The issue allows remote disclosure of sensitive information via URL requests: (1) requesting non-existent files (JWS, CFM, CFML, or CFC) causes error messages revealing the installation path; (2) accessing /CFIDE/administrator/login.cfm without a host c...
ColdFusion MX7 multiple security vulnerabilities
Information leak, cross-site scripting protection bypass...
CVE-2005-4495
SQL injection vulnerability in index.cfm in SpireMedia mx7 allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the vendor has disputed this issue, stating "This information is incorrect, unproven, and potentially slanderous." However, CVE and OSVDB have both...
CVE-2005-4495
SQL injection vulnerability in index.cfm in SpireMedia mx7 allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the vendor has disputed this issue, stating "This information is incorrect, unproven, and potentially slanderous." However, CVE and OSVDB have both...
CVE-2005-4495
The advisory concerns SpireMedia mx7, specifically the index.cfm script, where the cid parameter is vulnerable to SQL injection. The root cause is untrusted input used in SQL queries, enabling remote attackers to potentially run arbitrary SQL commands. Some sources also suggest this may illuminat...
PT-2005-5178 · Spiremedia · Spiremedia Mx7
Name of the Vulnerable Software and Affected Versions: SpireMedia mx7 affected versions not specified Description: A SQL injection issue in index.cfm allows remote attackers to potentially execute arbitrary SQL commands via the cid parameter. This might also lead to path disclosure from invalid S...