
ColdFusion MX 7

by Adobe Inc.

CVEs (12)

  • CVE-2007-1874 · Apr 11, 2007
    risk 0.00 | cvss | epss 0.00

    Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3)…

  • CVE-2007-1278 · Mar 16, 2007
    risk 0.00 | cvss | epss 0.05

    Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.

  • CVE-2006-5859 · Feb 14, 2007
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm.

  • CVE-2006-6483 · Dec 12, 2006
    risk 0.00 | cvss | epss 0.02

    Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script"…

  • CVE-2006-4726 · Sep 14, 2006
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page.

  • CVE-2006-4725 · Sep 14, 2006
    risk 0.00 | cvss | epss 0.00

    Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox.

  • CVE-2006-4724 · Sep 14, 2006
    risk 0.00 | cvss | epss 0.02

    Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command.

  • CVE-2006-3979 · Aug 9, 2006
    risk 0.00 | cvss | epss 0.00

    The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator.

  • CVE-2005-4342 · Dec 19, 2005
    risk 0.00 | cvss | epss 0.01

    ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability."

  • CVE-2005-4344 · Dec 19, 2005
    risk 0.00 | cvss | epss 0.00

    Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor the CFOBJECT/CreateObject(Java) setting when it is disabled, which allows local users to create an object despite the specified configuration.

  • CVE-2005-4343 · Dec 19, 2005
    risk 0.00 | cvss | epss 0.01

    Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection…

  • CVE-2005-4345 · Dec 19, 2005
    risk 0.00 | cvss | epss 0.00

    Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges.