Adobe

Coldfusion

208 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2008-4831

  • EPSS 0.26%
  • Veröffentlicht 10.11.2008 14:12:55
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusion MX 7.0.2 allows local users to bypass sandbox restrictions, and obtain sensitive information or possibly gain privileges, via unknown vectors.

7.5

CVE-2008-1656

  • EPSS 4.66%
  • Veröffentlicht 09.04.2008 19:05:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725.

4.3

CVE-2008-0643

  • EPSS 2.8%
  • Veröffentlicht 12.03.2008 00:44:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

5

CVE-2008-0644

  • EPSS 1.88%
  • Veröffentlicht 12.03.2008 00:44:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function.

7.5

CVE-2008-1203

  • EPSS 7.44%
  • Veröffentlicht 12.03.2008 00:44:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection.

6.8

CVE-2007-5905

  • EPSS 5.43%
  • Veröffentlicht 15.11.2007 20:46:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a sessi...

7.2

CVE-2007-1874

  • EPSS 0.15%
  • Veröffentlicht 11.04.2007 22:19:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuil...

4.3

CVE-2007-1278

  • EPSS 4.86%
  • Veröffentlicht 16.03.2007 20:19:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a...

4.3

CVE-2006-5860

  • EPSS 2.02%
  • Veröffentlicht 14.02.2007 02:28:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3

CVE-2006-5859

  • EPSS 2.44%
  • Veröffentlicht 14.02.2007 01:28:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, To...