Show filters
59 Total Results
Displaying 31-40 of 59
Sort by:
Attacker Value
Unknown

CVE-2008-5946

Disclosure Date: January 22, 2009 (last updated October 04, 2023)
SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
0
Attacker Value
Unknown

CVE-2007-1278

Disclosure Date: March 16, 2007 (last updated October 04, 2023)
Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.
0
Attacker Value
Unknown

CVE-2006-5860

Disclosure Date: February 14, 2007 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
0
Attacker Value
Unknown

CVE-2006-5858

Disclosure Date: December 31, 2006 (last updated October 04, 2023)
Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file.
0
Attacker Value
Unknown

CVE-2005-2783

Disclosure Date: September 02, 2005 (last updated February 22, 2025)
Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and earlier allows remote attackers to inject arbitrary web script or HTML via nested, malformed URL BBCode tags.
0
Attacker Value
Unknown

CVE-2005-2401

Disclosure Date: July 27, 2005 (last updated February 22, 2025)
PHP-Fusion allows remote attackers to inject arbitrary Cascading Style Sheets (CSS) via the BBCode color tag.
0
Attacker Value
Unknown

CVE-2005-2306

Disclosure Date: July 19, 2005 (last updated February 22, 2025)
Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users.
0
Attacker Value
Unknown

CVE-2005-0345

Disclosure Date: May 02, 2005 (last updated February 22, 2025)
viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2) forum_cat parameters, which allows remote attackers to view protected forums via the thread_id parameter.
0
Attacker Value
Unknown

CVE-2004-1478

Disclosure Date: December 31, 2004 (last updated February 22, 2025)
JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session.
0
Attacker Value
Unknown

CVE-2004-2438

Disclosure Date: December 31, 2004 (last updated February 22, 2025)
Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows remote attackers to inject arbitrary web script or HTML via the (1) Submit News, (2) Submit Link or (3) Submit Article field.
0