Coldfusion@7.0 Security Vulnerabilities and Issues — Coldfusion@7.0 CVE List

Lucene search

AdobeColdfusion7.0

5 matches found

CVE•added 2007/02/14 2:28 a.m.•48 views

CVE-2006-5860

Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3CVSS5.6AI score0.02328EPSS

CVE•added 2007/11/15 8:46 p.m.•43 views

CVE-2007-5905

Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability.

6.8CVSS6.7AI score0.0543EPSS

CVE•added 2007/03/16 8:19 p.m.•42 views

CVE-2007-1278

Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.

4.3CVSS6.6AI score0.04573EPSS

CVE•added 2007/04/11 10:19 p.m.•40 views

CVE-2007-1874

Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4...

7.2CVSS7AI score0.00172EPSS

CVE•added 2007/02/14 1:28 a.m.•33 views

CVE-2006-5859

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm.

4.3CVSS5.8AI score0.02799EPSS