Total
149 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-5859 | 1 Adobe | 1 Coldfusion | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm. | |||||
CVE-2006-4724 | 1 Adobe | 1 Coldfusion | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command. | |||||
CVE-2006-4726 | 1 Adobe | 1 Coldfusion | 2024-02-28 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page. | |||||
CVE-2007-5905 | 1 Adobe | 1 Coldfusion | 2024-02-28 | 6.8 MEDIUM | N/A |
Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability. | |||||
CVE-2006-5860 | 1 Adobe | 2 Coldfusion, Jrun | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
CVE-2006-4725 | 1 Adobe | 1 Coldfusion | 2024-02-28 | 4.6 MEDIUM | N/A |
Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox. | |||||
CVE-2008-0643 | 1 Adobe | 1 Coldfusion | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-0644 | 1 Adobe | 1 Coldfusion | 2024-02-28 | 5.0 MEDIUM | N/A |
Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function. | |||||
CVE-2006-3978 | 1 Adobe | 1 Coldfusion | 2024-02-28 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products, allows local users to execute arbitrary code via unknown attack vectors. |