Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
macromedia coldfusion 7.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-3979
The AdminAPI of ColdFusion MX 7 allows malicious users to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator.
Macromedia Coldfusion 7.02
Macromedia Coldfusion 7.0
NA
CVE-2005-4344
Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration.
Macromedia Coldfusion 7.0
NA
CVE-2005-4342
ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote malicious users to "bypass security controls," aka "JRun Clustered Sandbox Secu...
Macromedia Coldfusion 6.1
Macromedia Coldfusion 7.0
Macromedia Coldfusion 6.0
NA
CVE-2005-4343
Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote malicious users to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL inje...
Macromedia Coldfusion 6.1
Macromedia Coldfusion 7.0
Macromedia Coldfusion 6.0
NA
CVE-2005-4345
Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges.
Macromedia Coldfusion 7.0
NA
CVE-2005-2306
Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users.
Macromedia Coldfusion 6.1
Macromedia Coldfusion 7.0
Macromedia Jrun 4.0
NA
CVE-2005-1555
Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote malicious users to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page.
Macromedia Coldfusion 7.0
NA
CVE-2004-1815
Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote malicious users to cause a denial of service (memory consumption).
Sun One Application Server 7.0
Macromedia Jrun 4.0
Macromedia Coldfusion 6.1
Macromedia Coldfusion 6.0
Macromedia Jrun 4.0 Build 61650
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started