Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data.
Max CVSS
5.0
EPSS Score
2.26%
Published
2004-12-31
Updated
2017-07-11
The Macromedia installers and e-licensing client on Mac OS X, as used for Macromedia Contribute 2, Director, Dreamweaver, Fireworks, Flash, and Studio, install the AuthenticationService setuid and writable by other users, which allows local users to gain privileges by modifying the program.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-12-31
Updated
2017-07-11
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.
Max CVSS
5.5
EPSS Score
0.04%
Published
2004-12-31
Updated
2024-01-25
ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields.
Max CVSS
5.0
EPSS Score
1.71%
Published
2004-12-31
Updated
2017-07-11
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.
Max CVSS
7.2
EPSS Score
0.06%
Published
2004-12-31
Updated
2017-07-11
Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server.
Max CVSS
7.5
EPSS Score
0.34%
Published
2004-12-31
Updated
2008-09-05
Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).
Max CVSS
5.0
EPSS Score
30.66%
Published
2004-03-15
Updated
2017-07-11
JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session.
Max CVSS
7.5
EPSS Score
0.99%
Published
2004-12-31
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attackers to execute arbitrary web script or HTML and possibly hijack a user's session.
Max CVSS
4.3
EPSS Score
0.44%
Published
2004-12-31
Updated
2017-07-11
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
Max CVSS
5.0
EPSS Score
13.89%
Published
2004-10-05
Updated
2017-07-11
Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
Max CVSS
10.0
EPSS Score
8.23%
Published
2004-12-23
Updated
2017-07-11
The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows remote attackers to cause a denial of service (disk consumption) by repeatedly uploading files and interrupting the uploads before they finish.
Max CVSS
2.6
EPSS Score
1.27%
Published
2004-06-01
Updated
2017-07-11
Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names.
Max CVSS
5.0
EPSS Score
0.77%
Published
2004-01-05
Updated
2017-07-11
13 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!