CVE-2008-0643
- EPSS 2.11%
- Veröffentlicht 12.03.2008 00:44:00
- Zuletzt bearbeitet 16.06.2026 22:50:02
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- EPSS 3.05%
- Veröffentlicht 12.03.2008 00:44:00
- Zuletzt bearbeitet 16.06.2026 22:50:03
Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function.
CVE-2008-1203
- EPSS 15.48%
- Veröffentlicht 12.03.2008 00:44:00
- Zuletzt bearbeitet 16.06.2026 22:51:13
The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection.
CVE-2007-5905
- EPSS 13.08%
- Veröffentlicht 15.11.2007 20:46:00
- Zuletzt bearbeitet 16.06.2026 22:47:00
Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a sessi...
CVE-2007-1874
- EPSS 0.84%
- Veröffentlicht 11.04.2007 22:19:00
- Zuletzt bearbeitet 16.06.2026 22:38:28
Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuil...
CVE-2007-1278
- EPSS 25.62%
- Veröffentlicht 16.03.2007 20:19:00
- Zuletzt bearbeitet 16.06.2026 22:37:16
Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a...
CVE-2006-5860
- EPSS 3.19%
- Veröffentlicht 14.02.2007 02:28:00
- Zuletzt bearbeitet 16.06.2026 22:32:01
Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2006-5859
- EPSS 3.02%
- Veröffentlicht 14.02.2007 01:28:00
- Zuletzt bearbeitet 16.06.2026 22:32:01
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, To...
CVE-2007-0817
- EPSS 8.34%
- Veröffentlicht 07.02.2007 11:28:00
- Zuletzt bearbeitet 16.06.2026 22:36:21
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page.
- EPSS 12.91%
- Veröffentlicht 31.12.2006 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:32:01
Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file.