1149 matches found
CVE-2004-1893
Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a...
CVE-2004-2505
Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service memory consumption and crash by sending repeated GET or POST requests that trigger error messages that use long strings of data...
PT-2004-3225 · Adobe · Coldfusion Mx
Name of the Vulnerable Software and Affected Versions: ColdFusion MX versions 6.1 and 6.1 J2EE Description: The issue allows local users to bypass sandbox security restrictions and obtain sensitive information. This is achieved by using Java reflection methods to access trusted Java objects witho...
coldfusionmx61.txt
Software: Macromedia ColdFusion MX 6.1 Description: There is a vulnerability in the ColdFusion MX 6.1 product. To exploit this, a user needs access to create a cold fusion template on a ColdFusion server with CreateObject or cfobject tags enabled. The code given below writes a java class to the...
Macromedia ColdFusion MX 6.1 - Template Handling Privilege Escalation
Macromedia ColdFusion MX 6.1 - Template Handling Privilege Escalation source: https://www.securityfocus.com/bid/11316/info Reportedly Macromedia ColdFusion MX is affected by privilege escalation vulnerability when handling templates. This issue is due to an access validation error that allows a...
CFMX vulnerability
Software: Macromedia ColdFusion MX 6.1 Description: There is a vulnerability in the ColdFusion MX 6.1 product. To exploit this, a user needs access to create a cold fusion template on a ColdFusion server with CreateObject or cfobject tags enabled. The code given below writes a java class to the...
[SA12647] ColdFusion MX Sensitive Information Disclosure and Denial of Service
TITLE: ColdFusion MX Sensitive Information Disclosure and Denial of Service SECUNIA ADVISORY ID: SA12647 VERIFY ADVISORY: http://secunia.com/advisories/12647/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information, DoS WHERE: From remote SOFTWARE: Macromedia ColdFusion MX 6.x...
MailEnable SMTP Connector Service DNS MX Response DoS
According to its banner, the remote host is running at least one instance of MailEnable's SMTP Connector service. A flaw exists in both the Standard Edition 1.7x and Professional Edition 1.2x/1.5a-e that results in this service crashing if it receives a DNS response with over 100 MX records. A...
CVE-2004-0407
The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows remote attackers to cause a denial of service disk consumption by repeatedly uploading files and interrupting the uploads before they finish...
Network Intelligence Advisory - Denial of Service Vulnerability in ColdFusion MX
Name: Denial of Service Vulnerability in ColdFusion MX Systems Affected: Version 6.0 and earlier Severity: Medium-High Category: Denial of Service Vendor URL: Macromedia ColdFusion MX Discovered by: Network Intelligence I Pvt. Ltd. www.nii.co.in Online location: http://www.nii.co.in/vuln/cfdos.ht...
ColdFusion MX file uploading and error messages memory leak
Memory leak on terminated file upload and oversized error message...
CVE-2004-0407
The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows remote attackers to cause a denial of service disk consumption by repeatedly uploading files and interrupting the uploads before they finish...
Macromedia ColdFusion MX 6.0 - Oversized Error Message Denial of Service
Macromedia ColdFusion MX 6.0 - Oversized Error Message Denial of Service source: https://www.securityfocus.com/bid/10163/info A denial of service vulnerability has been reported in Macromedia ColdFusion MX that is reported to occur when the software attempts to write oversized error messages. The...
MPSB04-06 - Security Patch available for ColdFusion MX 6.1 File Upload Denial of service
IMPORTANT: A security issue that may affect ColdFusion MX 6.1 customers has come to our attention recently. To learn about this new issue and what actions you can take to address it, please visit the Macromedia Security Zone: http://www.macromedia.com/security MPSB04-06 - Security Patch available...
CVE-2004-1815
Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service memory consumption...
CVE-2003-1469
The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message...
MPSB03-05 Patch and Work Around for Dreamweaver MX, DRK, and UltraDev Server Behaviors
In-Reply-To: [email protected] Thank you again for bringing this to the attention of Macromedia. The issues have been resolved. More information and the necessary patches are available at: http://www- staging.macromedia.com/devnet/security/securityzone/mpsb03-05.html MPSB03-...
Macromedia DW MX PHP Authentication Suit Vulnerabilities
------------------- Product: PHP Authentication Suit for DreamWeaver Vendor: Macromedia Versions: VULNERABLE - DreamWeaver MX 6.0 - All the PHP Auth systems created with this - Variables : ALL LIKE accessdenied NOT VULNERABLE - ? --------------------- Description: The PHP User Authentication Suit...
Macromedia Dreamweaver MX 6.0 - PHP User Authentication Suite Cross-Site Scripting
Macromedia Dreamweaver MX 6.0 - PHP User Authentication Suite Cross-Site Scripting source: https://www.securityfocus.com/bid/8339/info It is possible to create an authentication or access control page, using Dreamweaver MX PHP Authentication Suite. This script will generate an error page that...
ColdFusion MX Remote Development Service Exploit
Exploit for unknown platform in category remote exploits ================================================ ColdFusion MX Remote Development Service Exploit ================================================ !/usr/bin/perl RDScDump.pl By angry packet THIS IS AN UNPATCHED VULNERABILITY - THIS IS AN...