The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authentication via the bAuthenticated parameter.
Max CVSS
7.5
EPSS Score
8.61%
Published
2000-01-01
Updated
2018-05-03
Vulnerability in an administrative interface utility for Allaire Spectra 1.0.1 allows remote attackers to read and modify sensitive configuration information.
Max CVSS
6.4
EPSS Score
0.58%
Published
2000-11-14
Updated
2017-10-10
The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL.
Max CVSS
5.0
EPSS Score
0.25%
Published
2000-01-04
Updated
2008-09-10
The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs.
Max CVSS
4.6
EPSS Score
0.05%
Published
2000-01-04
Updated
2008-09-10
The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule.
Max CVSS
2.1
EPSS Score
0.05%
Published
2000-04-24
Updated
2008-09-10
5 vulnerabilities found