Search criteria
72 vulnerabilities found for coldfusion by macromedia
CVE-2003-1469 (GCVE-0-2003-1469)
Vulnerability from cvelistv5 – Published: 2007-10-24 23:00 – Updated: 2024-08-08 02:28
VLAI?
Summary
The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:03.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030426 NII Advisory - Path Disclosure in Cold Fusion MX Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/319867"
},
{
"name": "coldfusion-mx-path-disclosure(11879)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11879"
},
{
"name": "7443",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7443"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nii.co.in/vuln/pdmac.html"
},
{
"name": "3307",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3307"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of ColdFusion MX has the \"Enable Robust Exception Information\" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030426 NII Advisory - Path Disclosure in Cold Fusion MX Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/319867"
},
{
"name": "coldfusion-mx-path-disclosure(11879)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11879"
},
{
"name": "7443",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7443"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nii.co.in/vuln/pdmac.html"
},
{
"name": "3307",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3307"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1469",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of ColdFusion MX has the \"Enable Robust Exception Information\" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030426 NII Advisory - Path Disclosure in Cold Fusion MX Server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/319867"
},
{
"name": "coldfusion-mx-path-disclosure(11879)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11879"
},
{
"name": "7443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7443"
},
{
"name": "http://www.nii.co.in/vuln/pdmac.html",
"refsource": "MISC",
"url": "http://www.nii.co.in/vuln/pdmac.html"
},
{
"name": "3307",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3307"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1469",
"datePublished": "2007-10-24T23:00:00",
"dateReserved": "2007-10-24T00:00:00",
"dateUpdated": "2024-08-08T02:28:03.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3979 (GCVE-0-2006-3979)
Vulnerability from cvelistv5 – Published: 2006-08-09 10:00 – Updated: 2024-08-07 18:48
VLAI?
Summary
The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21421",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21421"
},
{
"name": "1016660",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016660"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb06-10.html"
},
{
"name": "ADV-2006-3224",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3224"
},
{
"name": "coldfusion-adminapi-auth-bypass(28294)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28294"
},
{
"name": "19426",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19426"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using \"programmatic access\" to the adminAPI instead of the ColdFusion Administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21421",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21421"
},
{
"name": "1016660",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016660"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb06-10.html"
},
{
"name": "ADV-2006-3224",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3224"
},
{
"name": "coldfusion-adminapi-auth-bypass(28294)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28294"
},
{
"name": "19426",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19426"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using \"programmatic access\" to the adminAPI instead of the ColdFusion Administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21421",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21421"
},
{
"name": "1016660",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016660"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb06-10.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb06-10.html"
},
{
"name": "ADV-2006-3224",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3224"
},
{
"name": "coldfusion-adminapi-auth-bypass(28294)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28294"
},
{
"name": "19426",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19426"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3979",
"datePublished": "2006-08-09T10:00:00",
"dateReserved": "2006-08-04T00:00:00",
"dateUpdated": "2024-08-07T18:48:39.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2364 (GCVE-0-2006-2364)
Vulnerability from cvelistv5 – Published: 2006-05-15 16:00 – Updated: 2024-08-07 17:51
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:03.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060510 yet more XSS in older versions of ColdFusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/433819"
},
{
"name": "17938",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17938"
},
{
"name": "coldfusion-error-message-xss(26508)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26508"
},
{
"name": "894",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/894"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a \"_required\" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060510 yet more XSS in older versions of ColdFusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/433819"
},
{
"name": "17938",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17938"
},
{
"name": "coldfusion-error-message-xss(26508)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26508"
},
{
"name": "894",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/894"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a \"_required\" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060510 yet more XSS in older versions of ColdFusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433819"
},
{
"name": "17938",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17938"
},
{
"name": "coldfusion-error-message-xss(26508)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26508"
},
{
"name": "894",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/894"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2364",
"datePublished": "2006-05-15T16:00:00",
"dateReserved": "2006-05-15T00:00:00",
"dateUpdated": "2024-08-07T17:51:03.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4345 (GCVE-0-2005-4345)
Vulnerability from cvelistv5 – Published: 2005-12-17 23:00 – Updated: 2024-08-07 23:38
VLAI?
Summary
Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18078"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015371",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015371"
},
{
"name": "ADV-2005-2948",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18078"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015371",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015371"
},
{
"name": "ADV-2005-2948",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18078",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18078"
},
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015371",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015371"
},
{
"name": "ADV-2005-2948",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4345",
"datePublished": "2005-12-17T23:00:00",
"dateReserved": "2005-12-17T00:00:00",
"dateUpdated": "2024-08-07T23:38:51.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4342 (GCVE-0-2005-4342)
Vulnerability from cvelistv5 – Published: 2005-12-17 23:00 – Updated: 2024-08-07 23:38
VLAI?
Summary
ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18078"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015369",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015369"
},
{
"name": "ADV-2005-2948",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to \"bypass security controls,\" aka \"JRun Clustered Sandbox Security Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18078"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015369",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015369"
},
{
"name": "ADV-2005-2948",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to \"bypass security controls,\" aka \"JRun Clustered Sandbox Security Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18078",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18078"
},
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html"
},
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015369",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015369"
},
{
"name": "ADV-2005-2948",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4342",
"datePublished": "2005-12-17T23:00:00",
"dateReserved": "2005-12-17T00:00:00",
"dateUpdated": "2024-08-07T23:38:51.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4343 (GCVE-0-2005-4343)
Vulnerability from cvelistv5 – Published: 2005-12-17 23:00 – Updated: 2024-08-07 23:38
VLAI?
Summary
Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection Vulnerability".
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18078"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015369",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015369"
},
{
"name": "ADV-2005-2948",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka \"CFMAIL injection Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18078"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015369",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015369"
},
{
"name": "ADV-2005-2948",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka \"CFMAIL injection Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18078",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18078"
},
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html"
},
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015369",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015369"
},
{
"name": "ADV-2005-2948",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4343",
"datePublished": "2005-12-17T23:00:00",
"dateReserved": "2005-12-17T00:00:00",
"dateUpdated": "2024-08-07T23:38:51.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4344 (GCVE-0-2005-4344)
Vulnerability from cvelistv5 – Published: 2005-12-17 23:00 – Updated: 2024-08-07 23:38
VLAI?
Summary
Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.748Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18078"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015371",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015371"
},
{
"name": "ADV-2005-2948",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18078"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015371",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015371"
},
{
"name": "ADV-2005-2948",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18078",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18078"
},
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015371",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015371"
},
{
"name": "ADV-2005-2948",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4344",
"datePublished": "2005-12-17T23:00:00",
"dateReserved": "2005-12-17T00:00:00",
"dateUpdated": "2024-08-07T23:38:51.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2505 (GCVE-0-2004-2505)
Vulnerability from cvelistv5 – Published: 2005-10-25 04:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:13.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040417 Network Intelligence Advisory - Denial of Service Vulnerability in ColdFusion MX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-04/0184.html"
},
{
"name": "coldfusion-file-upload-dos(15895)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15895"
},
{
"name": "10163",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10163"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040417 Network Intelligence Advisory - Denial of Service Vulnerability in ColdFusion MX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-04/0184.html"
},
{
"name": "coldfusion-file-upload-dos(15895)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15895"
},
{
"name": "10163",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10163"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040417 Network Intelligence Advisory - Denial of Service Vulnerability in ColdFusion MX",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-04/0184.html"
},
{
"name": "coldfusion-file-upload-dos(15895)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15895"
},
{
"name": "10163",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10163"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2505",
"datePublished": "2005-10-25T04:00:00",
"dateReserved": "2005-10-25T00:00:00",
"dateUpdated": "2024-08-08T01:29:13.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2330 (GCVE-0-2004-2330)
Vulnerability from cvelistv5 – Published: 2005-08-16 04:00 – Updated: 2024-08-08 01:22
VLAI?
Summary
ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-02.html"
},
{
"name": "9522",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9522"
},
{
"name": "coldfusion-mx-request-dos(14983)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14983"
},
{
"name": "10743",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10743/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-02.html"
},
{
"name": "9522",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9522"
},
{
"name": "coldfusion-mx-request-dos(14983)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14983"
},
{
"name": "10743",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10743/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-02.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-02.html"
},
{
"name": "9522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9522"
},
{
"name": "coldfusion-mx-request-dos(14983)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14983"
},
{
"name": "10743",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10743/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2330",
"datePublished": "2005-08-16T04:00:00",
"dateReserved": "2005-08-16T00:00:00",
"dateUpdated": "2024-08-08T01:22:13.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2331 (GCVE-0-2004-2331)
Vulnerability from cvelistv5 – Published: 2005-08-16 04:00 – Updated: 2024-08-08 01:22
VLAI?
Summary
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-01.html"
},
{
"name": "coldfusion-mx-sandbox-bypass(14984)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14984"
},
{
"name": "9521",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9521"
},
{
"name": "10743",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10743/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-01.html"
},
{
"name": "coldfusion-mx-sandbox-bypass(14984)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14984"
},
{
"name": "9521",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9521"
},
{
"name": "10743",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10743/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-01.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-01.html"
},
{
"name": "coldfusion-mx-sandbox-bypass(14984)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14984"
},
{
"name": "9521",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9521"
},
{
"name": "10743",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10743/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2331",
"datePublished": "2005-08-16T04:00:00",
"dateReserved": "2005-08-16T00:00:00",
"dateUpdated": "2024-08-08T01:22:13.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2306 (GCVE-0-2005-2306)
Vulnerability from cvelistv5 – Published: 2005-07-19 04:00 – Updated: 2024-08-07 22:22
VLAI?
Summary
Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:48.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16081",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16081"
},
{
"name": "1014489",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014489"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-05.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-17T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16081",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16081"
},
{
"name": "1014489",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014489"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-05.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16081",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16081"
},
{
"name": "1014489",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014489"
},
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-05.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-05.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2306",
"datePublished": "2005-07-19T04:00:00",
"dateReserved": "2005-07-19T00:00:00",
"dateUpdated": "2024-08-07T22:22:48.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1514 (GCVE-0-2001-1514)
Vulnerability from cvelistv5 – Published: 2005-07-14 04:00 – Updated: 2024-09-16 22:51
VLAI?
Summary
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.macromedia.com/v1/Handlers/index.cfm?ID=22263"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to \"operating system,\" does not properly pass security context to (1) child processes created with \u003cCFEXECUTE\u003e and (2) child processes that call the CreateProcess function and are executed with \u003cCFOBJECT\u003e or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-07-14T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.macromedia.com/v1/Handlers/index.cfm?ID=22263"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to \"operating system,\" does not properly pass security context to (1) child processes created with \u003cCFEXECUTE\u003e and (2) child processes that call the CreateProcess function and are executed with \u003cCFOBJECT\u003e or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.macromedia.com/v1/Handlers/index.cfm?ID=22263",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/v1/Handlers/index.cfm?ID=22263"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1514",
"datePublished": "2005-07-14T04:00:00Z",
"dateReserved": "2005-07-14T00:00:00Z",
"dateUpdated": "2024-09-16T22:51:24.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1469 (GCVE-0-2003-1469)
Vulnerability from nvd – Published: 2007-10-24 23:00 – Updated: 2024-08-08 02:28
VLAI?
Summary
The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:03.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030426 NII Advisory - Path Disclosure in Cold Fusion MX Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/319867"
},
{
"name": "coldfusion-mx-path-disclosure(11879)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11879"
},
{
"name": "7443",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7443"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nii.co.in/vuln/pdmac.html"
},
{
"name": "3307",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3307"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of ColdFusion MX has the \"Enable Robust Exception Information\" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030426 NII Advisory - Path Disclosure in Cold Fusion MX Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/319867"
},
{
"name": "coldfusion-mx-path-disclosure(11879)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11879"
},
{
"name": "7443",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7443"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nii.co.in/vuln/pdmac.html"
},
{
"name": "3307",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3307"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1469",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of ColdFusion MX has the \"Enable Robust Exception Information\" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030426 NII Advisory - Path Disclosure in Cold Fusion MX Server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/319867"
},
{
"name": "coldfusion-mx-path-disclosure(11879)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11879"
},
{
"name": "7443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7443"
},
{
"name": "http://www.nii.co.in/vuln/pdmac.html",
"refsource": "MISC",
"url": "http://www.nii.co.in/vuln/pdmac.html"
},
{
"name": "3307",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3307"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1469",
"datePublished": "2007-10-24T23:00:00",
"dateReserved": "2007-10-24T00:00:00",
"dateUpdated": "2024-08-08T02:28:03.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3979 (GCVE-0-2006-3979)
Vulnerability from nvd – Published: 2006-08-09 10:00 – Updated: 2024-08-07 18:48
VLAI?
Summary
The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21421",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21421"
},
{
"name": "1016660",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016660"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb06-10.html"
},
{
"name": "ADV-2006-3224",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3224"
},
{
"name": "coldfusion-adminapi-auth-bypass(28294)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28294"
},
{
"name": "19426",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19426"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using \"programmatic access\" to the adminAPI instead of the ColdFusion Administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21421",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21421"
},
{
"name": "1016660",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016660"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb06-10.html"
},
{
"name": "ADV-2006-3224",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3224"
},
{
"name": "coldfusion-adminapi-auth-bypass(28294)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28294"
},
{
"name": "19426",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19426"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using \"programmatic access\" to the adminAPI instead of the ColdFusion Administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21421",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21421"
},
{
"name": "1016660",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016660"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb06-10.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb06-10.html"
},
{
"name": "ADV-2006-3224",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3224"
},
{
"name": "coldfusion-adminapi-auth-bypass(28294)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28294"
},
{
"name": "19426",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19426"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3979",
"datePublished": "2006-08-09T10:00:00",
"dateReserved": "2006-08-04T00:00:00",
"dateUpdated": "2024-08-07T18:48:39.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2364 (GCVE-0-2006-2364)
Vulnerability from nvd – Published: 2006-05-15 16:00 – Updated: 2024-08-07 17:51
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:03.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060510 yet more XSS in older versions of ColdFusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/433819"
},
{
"name": "17938",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17938"
},
{
"name": "coldfusion-error-message-xss(26508)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26508"
},
{
"name": "894",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/894"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a \"_required\" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060510 yet more XSS in older versions of ColdFusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/433819"
},
{
"name": "17938",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17938"
},
{
"name": "coldfusion-error-message-xss(26508)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26508"
},
{
"name": "894",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/894"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a \"_required\" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060510 yet more XSS in older versions of ColdFusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433819"
},
{
"name": "17938",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17938"
},
{
"name": "coldfusion-error-message-xss(26508)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26508"
},
{
"name": "894",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/894"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2364",
"datePublished": "2006-05-15T16:00:00",
"dateReserved": "2006-05-15T00:00:00",
"dateUpdated": "2024-08-07T17:51:03.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4345 (GCVE-0-2005-4345)
Vulnerability from nvd – Published: 2005-12-17 23:00 – Updated: 2024-08-07 23:38
VLAI?
Summary
Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18078"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015371",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015371"
},
{
"name": "ADV-2005-2948",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18078"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015371",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015371"
},
{
"name": "ADV-2005-2948",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18078",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18078"
},
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015371",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015371"
},
{
"name": "ADV-2005-2948",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4345",
"datePublished": "2005-12-17T23:00:00",
"dateReserved": "2005-12-17T00:00:00",
"dateUpdated": "2024-08-07T23:38:51.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4342 (GCVE-0-2005-4342)
Vulnerability from nvd – Published: 2005-12-17 23:00 – Updated: 2024-08-07 23:38
VLAI?
Summary
ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18078"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015369",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015369"
},
{
"name": "ADV-2005-2948",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to \"bypass security controls,\" aka \"JRun Clustered Sandbox Security Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18078"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015369",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015369"
},
{
"name": "ADV-2005-2948",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to \"bypass security controls,\" aka \"JRun Clustered Sandbox Security Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18078",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18078"
},
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html"
},
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015369",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015369"
},
{
"name": "ADV-2005-2948",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4342",
"datePublished": "2005-12-17T23:00:00",
"dateReserved": "2005-12-17T00:00:00",
"dateUpdated": "2024-08-07T23:38:51.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4343 (GCVE-0-2005-4343)
Vulnerability from nvd – Published: 2005-12-17 23:00 – Updated: 2024-08-07 23:38
VLAI?
Summary
Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection Vulnerability".
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18078"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015369",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015369"
},
{
"name": "ADV-2005-2948",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka \"CFMAIL injection Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18078"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015369",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015369"
},
{
"name": "ADV-2005-2948",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka \"CFMAIL injection Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18078",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18078"
},
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html"
},
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015369",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015369"
},
{
"name": "ADV-2005-2948",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4343",
"datePublished": "2005-12-17T23:00:00",
"dateReserved": "2005-12-17T00:00:00",
"dateUpdated": "2024-08-07T23:38:51.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4344 (GCVE-0-2005-4344)
Vulnerability from nvd – Published: 2005-12-17 23:00 – Updated: 2024-08-07 23:38
VLAI?
Summary
Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.748Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18078"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015371",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015371"
},
{
"name": "ADV-2005-2948",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18078"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015371",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015371"
},
{
"name": "ADV-2005-2948",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18078",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18078"
},
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015371",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015371"
},
{
"name": "ADV-2005-2948",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4344",
"datePublished": "2005-12-17T23:00:00",
"dateReserved": "2005-12-17T00:00:00",
"dateUpdated": "2024-08-07T23:38:51.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2505 (GCVE-0-2004-2505)
Vulnerability from nvd – Published: 2005-10-25 04:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:13.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040417 Network Intelligence Advisory - Denial of Service Vulnerability in ColdFusion MX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-04/0184.html"
},
{
"name": "coldfusion-file-upload-dos(15895)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15895"
},
{
"name": "10163",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10163"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040417 Network Intelligence Advisory - Denial of Service Vulnerability in ColdFusion MX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-04/0184.html"
},
{
"name": "coldfusion-file-upload-dos(15895)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15895"
},
{
"name": "10163",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10163"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040417 Network Intelligence Advisory - Denial of Service Vulnerability in ColdFusion MX",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-04/0184.html"
},
{
"name": "coldfusion-file-upload-dos(15895)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15895"
},
{
"name": "10163",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10163"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2505",
"datePublished": "2005-10-25T04:00:00",
"dateReserved": "2005-10-25T00:00:00",
"dateUpdated": "2024-08-08T01:29:13.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2330 (GCVE-0-2004-2330)
Vulnerability from nvd – Published: 2005-08-16 04:00 – Updated: 2024-08-08 01:22
VLAI?
Summary
ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-02.html"
},
{
"name": "9522",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9522"
},
{
"name": "coldfusion-mx-request-dos(14983)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14983"
},
{
"name": "10743",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10743/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-02.html"
},
{
"name": "9522",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9522"
},
{
"name": "coldfusion-mx-request-dos(14983)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14983"
},
{
"name": "10743",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10743/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-02.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-02.html"
},
{
"name": "9522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9522"
},
{
"name": "coldfusion-mx-request-dos(14983)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14983"
},
{
"name": "10743",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10743/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2330",
"datePublished": "2005-08-16T04:00:00",
"dateReserved": "2005-08-16T00:00:00",
"dateUpdated": "2024-08-08T01:22:13.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2331 (GCVE-0-2004-2331)
Vulnerability from nvd – Published: 2005-08-16 04:00 – Updated: 2024-08-08 01:22
VLAI?
Summary
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-01.html"
},
{
"name": "coldfusion-mx-sandbox-bypass(14984)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14984"
},
{
"name": "9521",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9521"
},
{
"name": "10743",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10743/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-01.html"
},
{
"name": "coldfusion-mx-sandbox-bypass(14984)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14984"
},
{
"name": "9521",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9521"
},
{
"name": "10743",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10743/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-01.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-01.html"
},
{
"name": "coldfusion-mx-sandbox-bypass(14984)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14984"
},
{
"name": "9521",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9521"
},
{
"name": "10743",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10743/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2331",
"datePublished": "2005-08-16T04:00:00",
"dateReserved": "2005-08-16T00:00:00",
"dateUpdated": "2024-08-08T01:22:13.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2306 (GCVE-0-2005-2306)
Vulnerability from nvd – Published: 2005-07-19 04:00 – Updated: 2024-08-07 22:22
VLAI?
Summary
Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:48.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16081",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16081"
},
{
"name": "1014489",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014489"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-05.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-17T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16081",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16081"
},
{
"name": "1014489",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014489"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-05.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16081",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16081"
},
{
"name": "1014489",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014489"
},
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-05.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-05.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2306",
"datePublished": "2005-07-19T04:00:00",
"dateReserved": "2005-07-19T00:00:00",
"dateUpdated": "2024-08-07T22:22:48.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2006-3979
Vulnerability from fkie_nvd - Published: 2006-08-09 10:04 - Updated: 2025-04-03 01:03
Severity ?
Summary
The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| macromedia | coldfusion | 7.0 | |
| macromedia | coldfusion | 7.02 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:macromedia:coldfusion:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "921E5A6D-8476-401B-9A18-BDBC07CA1CDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:macromedia:coldfusion:7.02:*:*:*:*:*:*:*",
"matchCriteriaId": "12A00698-4449-4D11-801F-BCB3AA14BFBF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using \"programmatic access\" to the adminAPI instead of the ColdFusion Administrator."
},
{
"lang": "es",
"value": "La AdminAPI de ColdFusion MX 7 permite a atacantes remotos evitar autenticaci\u00f3n usando \"acceso program\u00e1tico\" a la adminAPI en vez del Administrador ColdFusion."
}
],
"id": "CVE-2006-3979",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-09T10:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/21421"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016660"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb06-10.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/19426"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3224"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb06-10.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28294"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-2364
Vulnerability from fkie_nvd - Published: 2006-05-15 16:06 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| macromedia | coldfusion | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:macromedia:coldfusion:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B3D372-BD14-4FF9-802B-116CAE39E596",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a \"_required\" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message."
}
],
"id": "CVE-2006-2364",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-05-15T16:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/894"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/433819"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17938"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/433819"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17938"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26508"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-4345
Vulnerability from fkie_nvd - Published: 2005-12-19 03:47 - Updated: 2025-04-03 01:03
Severity ?
Summary
Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| macromedia | coldfusion | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:macromedia:coldfusion:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "921E5A6D-8476-401B-9A18-BDBC07CA1CDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges."
},
{
"lang": "es",
"value": "Adobe (antes Macromedia) ColdFusion MX 7.0 expone la huella digital (\u0027hash\u0027) de la contrase\u00f1a de administrador en una llamada API, lo que permite a desarrolladores locales obtener la huella digital y ganar privilegios."
}
],
"id": "CVE-2005-4345",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-19T03:47:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18078"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1015371"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15904"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1015371"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-4342
Vulnerability from fkie_nvd - Published: 2005-12-19 03:47 - Updated: 2025-04-03 01:03
Severity ?
Summary
ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| macromedia | coldfusion | 6.0 | |
| macromedia | coldfusion | 6.1 | |
| macromedia | coldfusion | 6.1 | |
| macromedia | coldfusion | 6.1 | |
| macromedia | coldfusion | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B79C39FD-D9A0-4CA4-BF37-D94D9F20E4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C65BE0-32FA-4D51-AA2B-E7D630470D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:macromedia:coldfusion:6.1:*:enterprise_with_jrun:*:*:*:*:*",
"matchCriteriaId": "88FB2C4B-E22D-4469-AD12-403A8E8B260C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:macromedia:coldfusion:6.1:*:j2ee_application_server:*:*:*:*:*",
"matchCriteriaId": "5E448558-A9F6-4506-AA6D-688C73CEC61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:macromedia:coldfusion:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "921E5A6D-8476-401B-9A18-BDBC07CA1CDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to \"bypass security controls,\" aka \"JRun Clustered Sandbox Security Vulnerability.\""
},
{
"lang": "es",
"value": "ColdFusion Sandbox en Adobe (antes Macromedia) ColdFusion MX 6.0, 6.1, 6.1 con JRun, y 7.0, no lanza una excepci\u00f3n si el SecurityManager est\u00e1 inhabilitado, lo que podr\u00eda permitir a atacantes remotos \"evitar controles de seguridad\", tcc \"Vulnerabilidad de Seguridad de Caja de Arena de JRun Agrupado\""
}
],
"id": "CVE-2005-4342",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-19T03:47:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18078"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1015369"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15904"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1015369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-4344
Vulnerability from fkie_nvd - Published: 2005-12-19 03:47 - Updated: 2025-04-03 01:03
Severity ?
Summary
Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| macromedia | coldfusion | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:macromedia:coldfusion:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "921E5A6D-8476-401B-9A18-BDBC07CA1CDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration."
},
{
"lang": "es",
"value": "Adobe (antes Macromedia) ColdFusion MX 7.0 no respeta que la configuraci\u00f3n CFOBJECT/CreateObject (Java) est\u00e9 inhabilitada, lo que permite a usuarios locales crear un objeto a pesar de la configuraci\u00f3n especificada."
}
],
"id": "CVE-2005-4344",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-19T03:47:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18078"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1015371"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15904"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1015371"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-4343
Vulnerability from fkie_nvd - Published: 2005-12-19 03:47 - Updated: 2025-04-03 01:03
Severity ?
Summary
Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection Vulnerability".
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| macromedia | coldfusion | 6.0 | |
| macromedia | coldfusion | 6.1 | |
| macromedia | coldfusion | 6.1 | |
| macromedia | coldfusion | 6.1 | |
| macromedia | coldfusion | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B79C39FD-D9A0-4CA4-BF37-D94D9F20E4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C65BE0-32FA-4D51-AA2B-E7D630470D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:macromedia:coldfusion:6.1:*:enterprise_with_jrun:*:*:*:*:*",
"matchCriteriaId": "88FB2C4B-E22D-4469-AD12-403A8E8B260C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:macromedia:coldfusion:6.1:*:j2ee_application_server:*:*:*:*:*",
"matchCriteriaId": "5E448558-A9F6-4506-AA6D-688C73CEC61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:macromedia:coldfusion:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "921E5A6D-8476-401B-9A18-BDBC07CA1CDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka \"CFMAIL injection Vulnerability\"."
},
{
"lang": "es",
"value": "Adobe (antes Macromedia) ColdFusion MX 6.0, 6.1, 6.1 con JRun, y 7.0 permiten a atacantes remotos adjuntar ficheros de su elecci\u00f3n y enviar correo mediante un un campo \"Subject\" artesanal, que no es manejado adecuadamente por la etiqueta CFMAIL en aplicaciones que usan ColdFurion, tcc \"Vulnerabilidad de inyecci\u00f3n CFMAIL\"."
}
],
"id": "CVE-2005-4343",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-19T03:47:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18078"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1015369"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15904"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1015369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-2306
Vulnerability from fkie_nvd - Published: 2005-07-19 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| macromedia | coldfusion | 6.1 | |
| macromedia | coldfusion | 7.0 | |
| macromedia | jrun | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C65BE0-32FA-4D51-AA2B-E7D630470D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:macromedia:coldfusion:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "921E5A6D-8476-401B-9A18-BDBC07CA1CDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:macromedia:jrun:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4361030D-230A-45CD-AC84-9603DADC75BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users."
},
{
"lang": "es",
"value": "\"Race condition\" en Macromedia JRun 4.0, ColdFusion MX 6.1 y 7.0 cuando est\u00e1n bajo carga pesada, provocan que JRun asigne una autentifcaci\u00f3n duplicada a sesiones m\u00faltiples, lo que podr\u00eda permitir que usuarios autentificados obtengan privilegios como otros usuarios."
}
],
"id": "CVE-2005-2306",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-07-19T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16081"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014489"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-05.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-05.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}