Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:macromedia:coldfusion:5.0:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2006-2364 |
Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message. Published: May 15, 2006; 12:06:00 PM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2004-2505 |
Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data. Published: December 31, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2001-1514 |
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account. Published: December 31, 2001; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |