Adobe

Coldfusion

190 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2006-5860

  • EPSS 1.95%
  • Published 14.02.2007 02:28:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3

CVE-2006-5859

  • EPSS 2.35%
  • Published 14.02.2007 01:28:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, To...

4.3

CVE-2007-0817

  • EPSS 4.25%
  • Published 07.02.2007 11:28:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page.

5

CVE-2006-5858

  • EPSS 5.69%
  • Published 31.12.2006 05:00:00
  • Last modified 09.04.2025 00:30:58

Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file.

5

CVE-2006-6482

  • EPSS 1.34%
  • Published 12.12.2006 20:28:00
  • Last modified 09.04.2025 00:30:58

Adobe ColdFusion MX7 allows remote attackers to obtain sensitive information via a URL request (1) for a non-existent (a) JWS, (b) CFM, (c) CFML, or (d) CFC file, which displays the installation path in the resulting error message; or (2) to /CFIDE/a...

2.6

CVE-2006-6483

  • EPSS 2%
  • Published 12.12.2006 20:28:00
  • Last modified 09.04.2025 00:30:58

Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as de...

4.6

CVE-2006-3978

  • EPSS 0.4%
  • Published 10.10.2006 22:07:00
  • Last modified 09.04.2025 00:30:58

Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products, allows local users to execute arbitrary code via unknown attack vectors.

5

CVE-2006-4724

  • EPSS 1.97%
  • Published 14.09.2006 00:07:00
  • Last modified 03.04.2025 01:03:51

Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command.

4.6

CVE-2006-4725

  • EPSS 0.25%
  • Published 14.09.2006 00:07:00
  • Last modified 03.04.2025 01:03:51

Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox.

2.6

CVE-2006-4726

  • EPSS 2.04%
  • Published 14.09.2006 00:07:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page.