The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs.
6.7AI Score
0.0004EPSS
The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL.
7AI Score
0.003EPSS
The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authentication via the bAuthenticated parameter.
7.2AI Score
0.086EPSS
The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule.
6.8AI Score
0.0004EPSS
Vulnerability in an administrative interface utility for Allaire Spectra 1.0.1 allows remote attackers to read and modify sensitive configuration information.
7AI Score
0.006EPSS