Vulnerabilities > Macromedia > Coldfusion > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-08-09 | CVE-2006-3979 | Authentication Bypass vulnerability in Macromedia Coldfusion 7.0/7.02. The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator. | 7.2 |
2005-12-19 | CVE-2005-4345 | Multiple vulnerability in Macromedia Coldfusion 7.0. Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges. | 7.2 |
2005-12-19 | CVE-2005-4342 | Multiple vulnerability in Macromedia Coldfusion 6.0/6.1/7.0. ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability." | 7.5 |
2004-12-31 | CVE-2004-2204 | Unspecified vulnerability in Macromedia Coldfusion 6.0/6.1. Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT. | 7.2 |
2004-12-31 | CVE-2004-1478 | Remote vulnerability in Macromedia JRun. JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session. | 7.5 |
2002-11-29 | CVE-2002-1309 | Remote Security vulnerability in Macromedia Coldfusion 6.0. Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary code via an HTTP GET request with a long .cfm file name. | 7.5 |
2001-07-11 | CVE-2001-1427 | Unspecified vulnerability in Macromedia Coldfusion. Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors. | 7.5 |