Showing 51 - 75 of 97

Files

Adobe ColdFusion 7 Cross Site Scripting
Posted Sep 27, 2011
Authored by MustLive

Adobe ColdFusion versions 7 and below suffer from cross site scripting and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | 2ccd4259b49d3c5a585be5893ffc080df3ab2abf68b634f4feb4cf7bb5aaa8f4

Related Files

Secunia Security Advisory 21858
Posted Sep 13, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in ColdFusion, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | a0e23465f6fc1c537a88d0b2f7411f18cb1a3d0dd7fac869842a57d22ff2daf2
Secunia Security Advisory 21421
Posted Aug 10, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in ColdFusion, which can be exploited by malicious, local users to bypass certain security restrictions.

tags | advisory, local
SHA-256 | 961301202e6f378969fcaeaecfe84daf30d3b54300a3d116f826a91295d697bd
cfxss5.txt
Posted May 21, 2006
Authored by zuxncwaruio

ColdFusion versions 5 and below suffer from cross site scripting issues.

tags | advisory, xss
SHA-256 | b092d3c6c0240ca67b4b6b52e85555ebfbf47cb9a1d9d825d810625730ae97e8
dreamweaverSQL.txt
Posted May 21, 2006
Authored by Brian Gallagher

There are multiple SQL Injection vulnerabilities in the code generated by Adobe's Macromedia Dreamweaver prior to version 8.0.2. This vulnerability affects the ColdFusion, PHP mySQL, ASP, ASP.NET and JSP server models. If the database server is configured to allow local system commands to be executed via database calls, this vulnerability may also allow local code execution.

tags | advisory, local, php, vulnerability, code execution, sql injection, asp
advisories | CVE-2006-2042
SHA-256 | 6c80933df047c88e4e1b3386dca76b098173d9418dac98e2aa8eaa1b4e1b429a
Secunia Security Advisory 18078
Posted Dec 16, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Macromedia ColdFusion, which can be exploited by malicious people to bypass certain security restrictions, or by malicious, local users to disclose potentially sensitive information and bypass certain security restrictions.

tags | advisory, local, vulnerability
SHA-256 | 4253614f74b18826ac049b15cbd98f9b17e7cd7ed80aede7c79707c50ebb45c6
MPSB05-03.txt
Posted Aug 7, 2005
Site macromedia.com

The default error page in the optional-use JRun Web Server bundled with ColdFusion MX 7 is vulnerable to a cross-site scripting attack.

tags | advisory, web, xss
SHA-256 | bb38ddfad4cb7a4de8cbe47b2786b4499b2ffc34117037b3d15edf6bdd252b0f
Macromedia_Coldfusion_7.0.txt
Posted Jun 1, 2005
Authored by Dr. Insane

A vulnerability exists in Macromedia ColdFusion 7.0 which allows a remote attacker to execute arbitrary HTML and script code in a user's browser session.

tags | advisory, remote, arbitrary
SHA-256 | b7e5adbb8cca2e19fa11f114f83ccae2400d714542e19d777713e7dbe4d4ba6f
Secunia Security Advisory 15050
Posted May 29, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Dr_insane has discovered a vulnerability in Macromedia ColdFusion, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 9f13ebf93b57e91386b10bad18b603df5780491e10f7f2c4a5b9ce6415ea5e3f
mpsb05-02.txt
Posted Apr 17, 2005
Authored by Macromedia Security Zone | Site macromedia.com

ColdFusion 6.1 Updater 1 creates a directory named /WEB-INF/cfclasses and places compiled Java .class files there. These files can be downloaded by the end user. Because .class files can be decompiled, this effectively provides access to source code.

tags | advisory, java, web
SHA-256 | d7b1b3c859d12c04a0f3ca16ffb18db9f291e9677461b7c104d32ba9e93f52e3
Secunia Security Advisory 14881
Posted Apr 17, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sean Waddell has reported a security issue in Macromedia ColdFusion MX, which can be exploited by malicious people to disclose some potentially sensitive information.

tags | advisory
SHA-256 | bd89a5f7a18f42a8f94895ab1a3bcb1cf1b7c497a6a815a6a125bd29f3857434
10.05.04a.txt
Posted Oct 13, 2004
Site idefense.com

iDEFENSE Security Advisory 10.05.04a - Remote exploitation of an input validation error in ColdFusion MX 6.1 on IIS could allow the disclosure of file contents.

tags | advisory, remote
advisories | CVE-2004-0928
SHA-256 | fd507748f94cc27272f79517d78ed5964de85870490377c5e0b090c42e1de35f
Secunia Security Advisory 12693
Posted Oct 13, 2004
Authored by Secunia, Eric Lackey | Site secunia.com

Secunia Security Advisory - A vulnerability in ColdFusion MX 6.x can be exploited by malicious, authenticated users to bypass certain security restrictions.

tags | advisory
SHA-256 | 74ae7e2c810574e794e10732952cb2c363c604bedcad9221c0c69c62c564f66b
coldfusionmx61.txt
Posted Oct 7, 2004
Authored by Eric Lackey

There is a vulnerability in ColdFusion MX 6.1 when a user can create a ColdFusion template on a ColdFusion server with CreateObject or cfobject tags enabled.

tags | exploit
SHA-256 | b35cc809e881359da234ac0dce6ce8d8cc7a7743cecbf5078cdcc0b3ca19a324
cfdos.txt
Posted Apr 17, 2004
Authored by K. K. Mookhey | Site nii.co.in

ColdFusion MX versions 6.0 and below suffer from a denial of service vulnerability when memory usage gets saturated due to an oversized string being returned as part of an error message.

tags | advisory, denial of service
SHA-256 | 619d02fdd2afd7d22cc8e5417214549294b00a682f1dafc88add6159e988ecf4
soapy.txt
Posted Mar 17, 2004
Authored by Amit Klein | Site SanctumInc.com

Multiple vendors suffer from a denial of service vulnerability in their SOAP servers. Products affected: Macromedia ColdFusion/MX 6.0 and 6.1, ColdFusion/MX 6.0 and 6.1 J2EE, all editions of Macromedia JRun 4.0, and Sun Java System Application Server 7 Update 2 Upgrade and prior releases.

tags | advisory, java, denial of service
SHA-256 | edfd88863f29ed6adcb5fa19d6baa42407918c5ba0a3e4f0296be2a21ea83fbd
coldfusionXSS.txt
Posted Oct 16, 2003
Authored by Lorenzo Hernandez Garcia-Hierro | Site nsrg-security.com

ColdFusion servers suffer from a SQL injection vulnerability due to cross site scripting.

tags | advisory, xss, sql injection
SHA-256 | cd0a66f33d0eaf7647128be1451bcfa6c41612b461d14ff1bc9da61edf1e61a3
coldfusion.txt
Posted Sep 25, 2003
Authored by T.Hara | Site scan-web.com

Macromedia's ColdFusion is susceptible to a cross site scripting attack under certain conditions.

tags | advisory, xss
SHA-256 | a735d602394b50e656bc281563c0a6fa0a3b76a6ea07c95001ca5055469a229a
0006_AP.CF-rds-dump.txt
Posted Jul 6, 2003
Authored by Victim1, rs2112 | Site angrypacket.com

ColdFusion Server versions 4.5 and 5 suffer from multiple vulnerabilities. They range from the RDS password being blank by default to allowing a normal remote user to reconfigure their website properties to put and get any file on the server.

tags | exploit, remote, vulnerability
SHA-256 | faa0a31742d24a814cbf24ab9f645633cf615b253c7800154079460c4cdc420b
eeye.macromedia.txt
Posted Nov 13, 2002
Authored by Riley Hassell | Site eEye.com

eEye Advisory - Both Macromedia ColdFusion 6.0 and Macromedia JRun 4.0, along with their prior versions, are vulnerable to various heap overflows when handling URI filenames larger than 4096 bytes.

tags | overflow
SHA-256 | 90b2b823b8a467f8fa059878b381391c6e1fa419031b09b61b9981944581ebd7
coldfusion.path.txt
Posted Apr 23, 2002
Authored by Peter Grundl

Cold Fusion v5.0 on Windows 2000 with IIS5 contains a bug: requests for certain DOS devices that are parsed by the ISAPI filter that handles .cfm and .dbm result in error messages containing the physical path to the web root.

tags | web, root
systems | windows
SHA-256 | e1c8dfbb628e1242d3787672e22d4588966e1ef76382598ce80d04e1ad70f7e9
iss.summary.6.2
Posted Jan 22, 2001
Site xforce.iss.net

ISS Security Alert Summary for January 1, 2001 - Volume 6 Number 2. 115 new vulnerabilities were reported this month. This document has links to more information and full advisories on each. Includes: exmh-error-symlink, informix-webdriver-symlink, informix-webdriver-admin-access, zonealarm-mutex-dos, zonealarm-batfile-dos, shockwave-flash-swf-bo, macos-multiple-users, http-cgi-ikonboard, http-cgi-technote-main, xwindows-char-dos, 1stup-mail-server-bo, dialog-symlink, ibm-wcs-admin, http-cgi-technote-print, iis-web-form-submit, hpux-kermit-bo, bsguest-cgi-execute-commands, bslist-cgi-execute-commands, infinite-interchange-dos, oracle-execute-plsql, ksh-redirection-symlink, oracle-webdb-admin-access, infinite-interchange-dos, gnupg-detached-sig-modify, gnupg-reveal-private, zonealarm-nmap-scans, zonealarm-open-shares, win2k-index-service-activex, proftpd-size-memory-leak, weblogic-dot-bo, mdaemon-imap-dos, zope-calculate-roles, itetris-svgalib-path, bsd-ftpd-replydirname-bo, sonata-command-execute, solaris-catman-symlink, solaris-patchadd-symlink, stunnel-format-logfile, hp-top-sys-files, zope-legacy-names, mrj-runtime-malicious-applets, coffeecup-ftp-weak-encryption, watchguard-soho-fragmented-packets, jpilot-perms, mediaservices-dropped-connection-dos, watchguard-soho-web-auth, watchguard-soho-passcfg-reset, http-cgi-simplestguest, safeword-palm-pin-extraction, mdaemon-lock-bypass-password, cisco-catalyst-ssh-mismatch, microsoft-iis-file-disclosure, ezshopper-cgi-file-disclosure, winnt-mstask-dos, bftpd-site-chown-bo, aim-remote-bo, subscribemelite-gain-admin-access, zope-image-file, http-cgi-everythingform, http-cgi-simplestmail, http-cgi-ad, kde-kmail-weak-encryption, aolim-buddyicon-bo, aim-remote-bo, rppppoe-zero-length-dos, proftpd-modsqlpw-unauth-access, gnu-ed-symlink, oops-ftputils-bo, oracle-oidldap-write-permission, foolproof-security-bypass, broadvision-bv1to1-reveal-path, ssldump-format-strings, coldfusion-sample-dos, kerberos4-arbitrary-proxy, 
kerberos4-auth-packet-overflow, kerberos4-user-config, kerberos4-tmpfile-dos, homeseer-directory-traversal, offline-explorer-reveal-files, imail-smtp-auth-dos, apc-apcupsd-dos, cisco-catalyst-telnet-dos, ultraseek-reveal-path, irc-dreamforge-dns-dos, mailman-alternate-templates, markvision-printer-driver-bo, nt-ras-reg-perms, nt-snmp-reg-perms, nt-mts-reg-perms, irc-bitchx-dns-bo, ibm-db2-gain-access, ibm-db2-dos, vsu-source-routing, vsu-ip-bridging, ftp-servu-homedir-travers, cisco-cbos-web-access, watchguard-soho-get-dos, phone-book-service-bo, cisco-cbos-syn-packets, cisco-cbos-invalid-login, cisco-cbos-icmp-echo, linux-diskcheck-race-symlink, ie-form-file-upload, mssql-xp-paraminfo-bo, majordomo-auth-execute-commands, ie-print-template, aix-piobe-bo, aix-pioout-bo, aix-setclock-bo, aix-enq-bo, aix-digest-bo, and aix-setsenv-bo.

tags | remote, web, overflow, arbitrary, cgi, vulnerability, imap, activex
systems | cisco, linux, windows, solaris, bsd, aix, hpux
SHA-256 | 5e663d9821efd059b23f294cdfa745ad9b5a6aab6c5de4ec2febfa417d586623
asb00-22.httpd32.exe
Posted Aug 8, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-22) - The Cerberus Security Team has released an advisory about a security issue in the O'Reilly Website Pro web server. The issue could allow a malicious user to execute arbitrary code. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users. Allaire recommends that customers see O'Reilly's support options for further information about this issue.

tags | web, arbitrary
SHA-256 | 2e4dba4b3e3601fabfdae51279f4c30ef7e87c6037ef6c8e010dc33bac2435b9
asb00-21.webfind.exe
Posted Aug 8, 2000
Site allaire.com

The Cerberus Security Team has released an advisory about a security issue in the O'Reilly Website Pro web server. The issue could allow a malicious user to execute arbitrary code. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users. Allaire recommends that customers see O'Reilly's support options for further information about this issue.

tags | web, arbitrary
SHA-256 | 30697db1811fa4cbf55ba5b89a7168185e239ed8e5c867a77d2f19ea38b70850
asb00-20.absentdirectory
Posted Aug 8, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-20) - Microsoft has released a patch for two security vulnerabilities in Microsoft Internet Information Server. In sum, the vulnerabilities could allow a malicious user to stop the web server from providing useful service, or to extract certain types of information from it. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users. Allaire recommends that customers follow the instructions posted on the Microsoft Web site to address this issue.

tags | web, vulnerability
SHA-256 | c452c9f99992333457e1fa65b182fed52baf14b3311afbe5bb5d098e78289dbc
asb00-16.storedperm
Posted Jul 25, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-16) - Microsoft has released a patch for a security vulnerability in Microsoft SQL Server 7.0. The vulnerability could allow a malicious user to run a database stored procedure without proper permissions. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users.

SHA-256 | c09e5fa63dd1b5c76a1b94a54a56022ab41e099dbb5740045e1926ea083d38b7
Page 3 of 4