Lucene search

K
MacromediaColdfusion7.0

7 matches found

CVE
CVE
added 2005/07/19 4:0 a.m.49 views

CVE-2005-2306

Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users.

3.7CVSS7.2AI score0.00016EPSS
CVE
CVE
added 2005/05/14 4:0 a.m.38 views

CVE-2005-1555

Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page.

4.3CVSS6AI score0.00203EPSS
CVE
CVE
added 2005/12/19 3:47 a.m.37 views

CVE-2005-4342

ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability."

7.5CVSS7.2AI score0.00986EPSS
CVE
CVE
added 2005/12/19 3:47 a.m.37 views

CVE-2005-4343

Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection Vulnerability".

5CVSS7.3AI score0.01472EPSS
CVE
CVE
added 2005/12/19 3:47 a.m.34 views

CVE-2005-4345

Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges.

7.2CVSS7AI score0.00013EPSS
CVE
CVE
added 2006/08/09 10:4 a.m.34 views

CVE-2006-3979

The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator.

7.2CVSS7.3AI score0.0002EPSS
CVE
CVE
added 2005/12/19 3:47 a.m.33 views

CVE-2005-4344

Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration.

2.1CVSS6.6AI score0.00022EPSS