2 matches found
CVE-2005-4074
The CVE-2005-4074 entry describes a directory traversal vulnerability in CF_Nuke 4.6 and earlier. When Sandbox Security is disabled, remote attackers can cause local .cfm files to be included via a ".." in the (1) sector or (2) page parameters. The connected documents provide this exact vulnerabi...
CVE-2005-4075
CVE-2005-4075 corresponds to multiple cross-site scripting (XSS) vulnerabilities in index.cfm of CF_Nuke 4.6 and earlier. The issue allows remote attackers to inject arbitrary web script or HTML via the news sector parameters (1) topic and (2) newsid, and the links sector parameter (3) cat. The d...