Show filters
36 Total Results
Displaying 11-20 of 36
Sort by:
Attacker Value
Unknown

CVE-2009-1875

Disclosure Date: August 18, 2009 (last updated October 04, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1877.
0
0
Attacker Value
Unknown

CVE-2009-1872

Disclosure Date: August 18, 2009 (last updated October 04, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.
0
0
Attacker Value
Unknown

CVE-2009-1877

Disclosure Date: August 18, 2009 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1875.
0
0
Attacker Value
Unknown

CVE-2008-0643

Disclosure Date: March 12, 2008 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2008-1203

Disclosure Date: March 12, 2008 (last updated October 04, 2023)
The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection.
0
0
Attacker Value
Unknown

CVE-2008-0644

Disclosure Date: March 12, 2008 (last updated October 04, 2023)
Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function.
0
0
Attacker Value
Unknown

CVE-2007-5905

Disclosure Date: November 15, 2007 (last updated October 04, 2023)
Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability.
0
0
Attacker Value
Unknown

CVE-2007-1874

Disclosure Date: April 11, 2007 (last updated October 04, 2023)
Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/.
0
0
Attacker Value
Unknown

CVE-2007-1278

Disclosure Date: March 16, 2007 (last updated October 04, 2023)
Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.
0
0
Attacker Value
Unknown

CVE-2006-5860

Disclosure Date: February 14, 2007 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
0
0
View More Topics  < Previous  Next >