QwikSec

Security Database

CVE

CWE

Training

CVE-2007-1874

Published: Apr 11, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_VUPEN

http://www.adobe.com/support/security/bulletins/apsb07-08.html

x_refsource_CONFIRM

20070410 Adobe Macromedia ColdFusion MX7 Insecure File Permissions Vulnerability

third-party-advisory

x_refsource_IDEFENSE

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_SECUNIA

coldfusion-verity-privilege-escalation(33571)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.