VYPR

ColdFusion MX

by Adobe Inc.

CVEs (5)

  • CVE-2008-1203Mar 12, 2008
    risk 0.01cvss epss 0.15

    The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection.

  • CVE-2007-5905Nov 15, 2007
    risk 0.01cvss epss 0.13

    Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability.

  • CVE-2008-4831Nov 10, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusion MX 7.0.2 allows local users to bypass sandbox restrictions, and obtain sensitive information or possibly gain privileges, via unknown vectors.

  • CVE-2008-0644Mar 12, 2008
    risk 0.00cvss epss 0.03

    Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function.

  • CVE-2008-0643Mar 12, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.