Adobe

Coldfusion

201 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2009-1876

  • EPSS 1.48%
  • Veröffentlicht 18.08.2009 22:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain sensitive information via unspecified vectors, related to a "double-encoded null character vulnerability."

4.3

CVE-2009-1877

  • EPSS 0.67%
  • Veröffentlicht 18.08.2009 22:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1875.

5.8

CVE-2009-1878

  • EPSS 0.28%
  • Veröffentlicht 18.08.2009 22:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors.

7.2

CVE-2008-4831

  • EPSS 0.18%
  • Veröffentlicht 10.11.2008 14:12:55
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusion MX 7.0.2 allows local users to bypass sandbox restrictions, and obtain sensitive information or possibly gain privileges, via unknown vectors.

7.5

CVE-2008-1656

  • EPSS 4.66%
  • Veröffentlicht 09.04.2008 19:05:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725.

4.3

CVE-2008-0643

  • EPSS 2.8%
  • Veröffentlicht 12.03.2008 00:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

5

CVE-2008-0644

  • EPSS 1.88%
  • Veröffentlicht 12.03.2008 00:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function.

7.5

CVE-2008-1203

  • EPSS 7.44%
  • Veröffentlicht 12.03.2008 00:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection.

6.8

CVE-2007-5905

  • EPSS 5.43%
  • Veröffentlicht 15.11.2007 20:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a sessi...

7.2

CVE-2007-1874

  • EPSS 0.15%
  • Veröffentlicht 11.04.2007 22:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuil...