RSS   Vulnerabilities for 'Coldfusion fusebox'   RSS

2005-08-05
 
CVE-2005-2481

 

 
ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the "?" (question mark) character.

 
 
CVE-2005-2480

 

 
Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm.

 

 >>> Vendor: Macromedia 19 Products
Coldfusion server
Coldfusion
Dreamweaver
Matrix screen saver
Shockwave flash plugin
Studio
JRUN
Flash
Flash player
Shockwave flash
Sitespring
Shockwave
Coldfusion professional
Director
Contribute
Coldfusion fusebox
Breeze
Flash communication server
Flash media server


Copyright 2024, cxsecurity.com

 

Back to Top