Lucene search
K
MacromediaColdfusion

24 matches found

CVE
CVE
added 2007/10/24 11:0 p.m.90 views

CVE-2003-1469

The CVE: CVE-2003-1469 affects Macromedia ColdFusion MX. The default configuration enables Robust Exception Information, which allows remote attackers to obtain the web server’s full path via a direct request to CFIDE/probe.cfm, leaking the path in an error message. Affected component is the CFID...

5CVSS6.5AI score0.06722EPSS
CVE
CVE
added 2005/06/21 4:0 a.m.79 views

CVE-2002-1700

CVE-2002-1700 describes a cross-site scripting (XSS) flaw in the missing template handler of Macromedia ColdFusion MX. The vulnerability arises because the HTTP request parameter for the template name is not filtered, allowing an attacker to inject script that is echoed in a 404 error message and...

4.3CVSS6.4AI score0.24274EPSS
CVE
CVE
added 2005/04/21 4:0 a.m.77 views

CVE-2004-0928

The CVE-2004-0928 family affects Adobe JRun 4.x servers (and ColdFusion MX 6.0/6.1/J2EE) when running with IIS, where a crafted request ending in ";.cfm" can bypass authentication and disclose script/source content (e.g., .asp, .pl, .php). Connected advisories describe URL handling flaws that tri...

5CVSS6.9AI score0.04075EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.65 views

CVE-2004-0646

CVE-2004-0646: A buffer overflow exists in Macromedia JRun’s Apache connectors mod_jrun and mod_jrun20 WriteToLog when verbose logging is enabled. A remote attacker can trigger via long header fields (e.g., Content-Type) to execute arbitrary code. Affects JRun 3.0–4.0 with the Apache connectors; ...

10CVSS7.8AI score0.07104EPSS
CVE
CVE
added 2005/07/19 4:0 a.m.64 views

CVE-2005-2306

The CVE describes a race condition in Macromedia JRun 4.0 and ColdFusion MX 6.1/7.0 where under heavy load JRun may assign a duplicate authentication token to multiple sessions. This could allow authenticated users to gain privileges as other users. Affected components include JRun 4.0 and ColdFu...

3.7CVSS7.2AI score0.00368EPSS
CVE
CVE
added 2002/11/21 5:0 a.m.60 views

CVE-2002-1309

The vulnerability CVE-2002-1309 is a heap-based buffer overflow in the error-handling path of the IIS ISAPI handler for Macromedia ColdFusion 6.0. An unauthenticated remote attacker could trigger arbitrary code execution by sending an HTTP GET request with a long .cfm filename. The description an...

7.5CVSS8.2AI score0.01991EPSS
CVE
CVE
added 2005/02/13 5:0 a.m.57 views

CVE-2004-1478

CVE-2004-1478 concerns JRun 4.0 where improper generation/handling of JSESSIONID enables remote attackers to perform session fixation and hijack HTTP sessions. Root cause: insecure/JSESSIONID management. Impact: remote session hijacking via fixation. Exploitation details are not provided beyond t...

7.5CVSS6.7AI score0.03405EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.54 views

CVE-2002-1992

The CVE-2002-1992 entry concerns ColdFusion MX: a buffer overflow in jrun.dll when ColdFusion runs with IIS 4/5, enabling remote denial of service via either a long template file name or a long HTTP header. Affected software is ColdFusion MX (jrun.dll) on IIS environments. The underlying cause is...

5CVSS7.3AI score0.01767EPSS
CVE
CVE
added 2004/04/17 4:0 a.m.54 views

CVE-2004-0407

The CVE concerns ColdFusion MX 6.1: HTML form upload does not reclaim disk space when uploads are interrupted, enabling a remote attacker to perform a denial of service via repeated interrupted uploads. Affected component is the upload handling; root cause is improper disk space reclamation after...

2.6CVSS6.8AI score0.01532EPSS
CVE
CVE
added 2005/08/16 4:0 a.m.52 views

CVE-2004-2331

Summary of CVE-2004-2331 (ColdFusion MX 6.1 / 6.1 J2EE): Local users could bypass sandbox security and access sensitive information by using Java reflection to reach trusted Java objects without invoking CreateObject or the cfobject tag. The issue affects ColdFusion MX 6.1 and ColdFusion MX 6.1 J...

5.5CVSS6.6AI score0.00673EPSS
CVE
CVE
added 2005/12/17 11:0 p.m.51 views

CVE-2005-4343

CVE-2005-4343 affects Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0. The vulnerability stems from how the CFMAIL tag handles the Subject field, allowing remote attackers to attach arbitrary files and send mail through applications that use ColdFusion. This is describe...

5CVSS7.3AI score0.01487EPSS
CVE
CVE
added 2005/03/22 5:0 a.m.50 views

CVE-2001-1427

Technical details of CVE-2001-1427 are not publicly available in the provided documents. Please monitor for updates from official advisories; current sources describe an unknown vulnerability in ColdFusion Server 2.0–4.5.1 SP2 without specifics.

7.5CVSS7AI score0.01913EPSS
CVE
CVE
added 2005/05/10 4:0 a.m.50 views

CVE-2004-1815

CVE-2004-1815 affects ColdFusion MX 6.0/6.1 and JRun 4.0 where a SOAP web service expecting an array of objects as an argument can trigger a denial of service via memory exhaustion. The connected advisory (CPAI-2004-114) indicates the issue involves how Apache Axis handles SOAP arrays within requ...

5CVSS6.7AI score0.01591EPSS
CVE
CVE
added 2005/05/14 4:0 a.m.50 views

CVE-2005-1555

CVE-2005-1555 affects the JRun Web Server component of ColdFusion MX 7.0. The vulnerability is a cross-site scripting (XSS) flaw where an attacker can inject arbitrary script or HTML through the request URL because the URL is not properly quoted in the server’s default 404 error page. This is a c...

4.3CVSS6AI score0.01164EPSS
CVE
CVE
added 2006/05/15 4:0 p.m.50 views

CVE-2006-2364

CVE-2006-2364 is an XSS vulnerability affecting Macromedia ColdFusion 5 and earlier. The issue arises in the validation feature: if a related normal field is missing or empty, the _required field is not sanitized before being rendered in an error message, allowing remote script/HTML injection. Th...

5.8CVSS5.7AI score0.01282EPSS
CVE
CVE
added 2005/12/17 11:0 p.m.49 views

CVE-2005-4342

CVE-2005-4342 describes a vulnerability in Adobe/Macromedia ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 where the Sandbox does not throw an exception when the SecurityManager is disabled. The underlying issue is a failure to enforce sandbox security, which, according to the description, may al...

7.5CVSS7.2AI score0.017EPSS
CVE
CVE
added 2005/12/17 11:0 p.m.49 views

CVE-2005-4345

CVE-2005-4345 affects Adobe ColdFusion MX 7.0. The vulnerability arises because the Administrator password hash is exposed via an API call, allowing local developers to obtain the hash and gain privileges. This is documented in the NVD entry for CVE-2005-4345. The connected data confirms the affe...

7.2CVSS7AI score0.00358EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.48 views

CVE-2001-1514

CVE-2001-1514 affects ColdFusion 4.5 and 5 on Windows when the advanced security sandbox type is set to operating system. The issue is that security context is not properly passed to child processes created with or to those that call CreateProcess and are run via or end with the CFX extension, ...

10CVSS7.4AI score0.01422EPSS
CVE
CVE
added 2005/10/25 4:0 a.m.46 views

CVE-2004-2505

CVE-2004-2505 affects Macromedia ColdFusion MX prior to 6.1. The issue arises because error messages are not restricted in size, which can be exploited to cause a denial of service through repeated GET/POST requests that trigger large error outputs. The provided documents specify the affected pro...

5CVSS7.1AI score0.03201EPSS
CVE
CVE
added 2005/04/09 4:0 a.m.45 views

CVE-2005-1022

CVE-2005-1022 affects ColdFusion 6.1 Updater 1, where Java .class files are placed under the web root in /WEB-INF/cfclasses. This configuration allows a remote attacker to obtain sensitive information exposed by those class files. The NVD entry documents a public impact of partial confidentiality...

5CVSS6.9AI score0.01693EPSS
CVE
CVE
added 2006/08/09 10:0 a.m.45 views

CVE-2006-3979

CVE-2006-3979 affects ColdFusion MX 7 AdminAPI, where attackers can bypass authentication by using programmatic access to the adminAPI instead of the ColdFusion Administrator. The NVD entry assigns a CVSSv2 base score of 7.2 (HIGH) with local attack vector, low attack complexity, no authenticatio...

7.2CVSS7.3AI score0.00404EPSS
CVE
CVE
added 2005/07/10 4:0 a.m.44 views

CVE-2004-2204

Macromedia ColdFusion MX 6.0 and 6.1 application server is affected when running with CreateObject or CFOBJECT enabled, allowing local users to perform unauthorized activities and potentially obtain administrative passwords by creating CFML scripts that leverage those features. The reports do not...

7.2CVSS6.8AI score0.00346EPSS
CVE
CVE
added 2005/12/17 11:0 p.m.43 views

CVE-2005-4344

CVE-2005-4344 affects Adobe ColdFusion MX 7.0. The root cause is that the CFOBJECT /CreateObject(Java) configuration is not honored when disabled, allowing local users to create an object despite the setting. The NVD data indicates a low overall risk (CVSS v2 base score 2.1) with local attack vec...

2.1CVSS6.6AI score0.00382EPSS
CVE
CVE
added 2005/08/16 4:0 a.m.36 views

CVE-2004-2330

Technical details about CVE-2004-2330 are not publicly provided in the supplied documents; no specific vulnerable components, versions beyond ColdFusion MX 6.1/6.1 J2EE are described here. Monitor for updates.

5CVSS7AI score0.01591EPSS