Adobe

Coldfusion

226 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.11%
  • Veröffentlicht 12.03.2008 00:44:00
  • Zuletzt bearbeitet 16.06.2026 22:50:02

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • EPSS 3.05%
  • Veröffentlicht 12.03.2008 00:44:00
  • Zuletzt bearbeitet 16.06.2026 22:50:03

Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function.

  • EPSS 15.48%
  • Veröffentlicht 12.03.2008 00:44:00
  • Zuletzt bearbeitet 16.06.2026 22:51:13

The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection.

  • EPSS 13.08%
  • Veröffentlicht 15.11.2007 20:46:00
  • Zuletzt bearbeitet 16.06.2026 22:47:00

Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a sessi...

  • EPSS 0.84%
  • Veröffentlicht 11.04.2007 22:19:00
  • Zuletzt bearbeitet 16.06.2026 22:38:28

Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuil...

  • EPSS 25.62%
  • Veröffentlicht 16.03.2007 20:19:00
  • Zuletzt bearbeitet 16.06.2026 22:37:16

Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a...

  • EPSS 3.19%
  • Veröffentlicht 14.02.2007 02:28:00
  • Zuletzt bearbeitet 16.06.2026 22:32:01

Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

  • EPSS 3.02%
  • Veröffentlicht 14.02.2007 01:28:00
  • Zuletzt bearbeitet 16.06.2026 22:32:01

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, To...

  • EPSS 8.34%
  • Veröffentlicht 07.02.2007 11:28:00
  • Zuletzt bearbeitet 16.06.2026 22:36:21

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page.

  • EPSS 12.91%
  • Veröffentlicht 31.12.2006 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:32:01

Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file.