Vulnerabilities > Adobe > Coldfusion > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-11-15 | CVE-2007-5905 | Credentials Management vulnerability in Adobe Coldfusion 7.0/8.0 Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability. | 6.8 |
| 2007-03-16 | CVE-2007-1278 | Denial Of Service vulnerability in Adobe Coldfusion and Jrun Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root. | 4.3 |
| 2007-02-14 | CVE-2006-5860 | Cross-Site Scripting vulnerability in Adobe Coldfusion and Jrun Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
| 2007-02-14 | CVE-2006-5859 | Cross-Site Scripting vulnerability in Adobe Coldfusion 7.0/7.0.1 Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm. | 4.3 |
| 2007-02-07 | CVE-2007-0817 | Cross-Site Scripting vulnerability in Adobe Coldfusion 6.1/7.0.1/7.0.2 Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page. network adobe | 4.3 |
| 2006-12-31 | CVE-2006-5858 | Information Exposure vulnerability in Adobe Coldfusion and Jrun Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file. | 5.0 |
| 2006-12-12 | CVE-2006-6482 | Input Validation vulnerability in Adobe Coldfusion 7.0 Adobe ColdFusion MX7 allows remote attackers to obtain sensitive information via a URL request (1) for a non-existent (a) JWS, (b) CFM, (c) CFML, or (d) CFC file, which displays the installation path in the resulting error message; or (2) to /CFIDE/administrator/login.cfm without a host, which can reveal the server's internal IP address in an HREF tag. | 5.0 |
| 2006-10-10 | CVE-2006-3978 | Local Privilege Escalation vulnerability in Adobe Coldfusion 7.0/7.0.1/7.0.2 Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products, allows local users to execute arbitrary code via unknown attack vectors. | 4.6 |
| 2006-09-14 | CVE-2006-4725 | Unspecified vulnerability in Adobe Coldfusion 7.0/7.0.1 Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox. | 4.6 |
| 2006-09-14 | CVE-2006-4724 | Denial of Service vulnerability in Adobe ColdFusion Flash Remoting Gateway Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command. | 5.0 |