Macromedia Coldfusion
25 CVEs affecting Macromedia Coldfusion. Latest disclosed: 2006-08-09. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2004-2331 | Medium | 5.5 | 2004-12-31 | ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to… |
CVE-2006-3979 | | 2006-08-09 | The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrato… | |
CVE-2006-2364 | | 2006-05-15 | Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web scrip… | |
CVE-2005-4345 | | 2005-12-19 | Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash a… | |
CVE-2005-4344 | | 2005-12-19 | Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an o… | |
CVE-2005-4343 | | 2005-12-19 | Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subjec… | |
CVE-2005-4342 | | 2005-12-19 | ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled… | |
CVE-2005-2306 | | 2005-07-19 | Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple ses… | |
CVE-2005-1555 | | 2005-05-10 | Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, wh… | |
CVE-2005-1022 | | 2005-05-02 | ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive inf… | |
CVE-2004-2505 | | 2004-12-31 | Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumptio… | |
CVE-2004-2330 | | 2004-12-31 | ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields. | |
CVE-2004-2204 | | 2004-12-31 | Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct una… | |
CVE-2004-1478 | | 2004-12-31 | JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP sess… | |
CVE-2004-0646 | | 2004-12-23 | Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose log… | |
CVE-2004-0928 | | 2004-10-05 | The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source fi… | |
CVE-2004-0407 | | 2004-06-01 | The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows remote attackers to cause a denial o… | |
CVE-2004-1816 | | 2004-03-15 | Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allow… | |
CVE-2004-1815 | | 2004-03-15 | Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers t… | |
CVE-2003-1469 | | 2003-12-31 | The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path… |