Show filters
96 Total Results
Displaying 71-80 of 96
Sort by:
Attacker Value
Unknown
CVE-2009-1877
Disclosure Date: August 18, 2009 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1875.
0
Attacker Value
Unknown
CVE-2008-6850
Disclosure Date: July 07, 2009 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion 6.01.17 and 7.00.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
0
Attacker Value
Unknown
CVE-2008-5335
Disclosure Date: December 05, 2008 (last updated October 04, 2023)
SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the subject and msg_send parameters, a different vector than CVE-2005-3157, CVE-2005-3158, CVE-2005-3159, CVE-2005-4005, and CVE-2006-2459.
0
Attacker Value
Unknown
CVE-2008-0643
Disclosure Date: March 12, 2008 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
0
Attacker Value
Unknown
CVE-2008-1203
Disclosure Date: March 12, 2008 (last updated October 04, 2023)
The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection.
0
Attacker Value
Unknown
CVE-2008-0644
Disclosure Date: March 12, 2008 (last updated October 04, 2023)
Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function.
0
Attacker Value
Unknown
CVE-2007-5905
Disclosure Date: November 15, 2007 (last updated October 04, 2023)
Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability.
0
Attacker Value
Unknown
CVE-2007-1874
Disclosure Date: April 11, 2007 (last updated October 04, 2023)
Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/.
0
Attacker Value
Unknown
CVE-2007-1278
Disclosure Date: March 16, 2007 (last updated October 04, 2023)
Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.
0
Attacker Value
Unknown
CVE-2006-5860
Disclosure Date: February 14, 2007 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
0
