138 matches found
CVE-2024-39379
Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that...
Adobe ColdFusion Access Control Error Vulnerability (CNVD-2024-34094)
Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion suffers from an Access Control Error vulnerability that originates from improper acces...
CVE-2024-34112
ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could exploit this vulnerability to gain unauthorized access to sensitive files or data. Exploitation of this issue does not requir...
CVE-2024-34112 ColdFusion CFDOCUMENT file retrieval / access control bypass
ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could exploit this vulnerability to gain unauthorized access to sensitive files or data. Exploitation of this issue does not requir...
Adobe ColdFusion < 2021.x < 2021u14 / 2023.x < 2023u8 Multiple Vulnerabilities (APSB24-41)
The version of Adobe ColdFusion installed on the remote Windows host is prior to 2021.x update 14 or 2023.x update 8. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB24-41 advisory. - Improper Access Control CWE-284 potentially leading to Arbitrary file system read...
Exploit for Improper Access Control in Adobe Coldfusion
CVE-2024-20767 CVE-2024-20767https://nvd.nist.gov/vuln...
CVE-2024-20767
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interactio...
CVE-2024-20767
CVE-2024-20767 affects Adobe ColdFusion 2023 (Update 6 and earlier) and 2021 (Update 12 and earlier) due to an Improper Access Control weakness that allows an attacker to perform an arbitrary file system read when the admin panel is internet-exposed. Multiple sources confirm public exploitation a...
Adobe ColdFusion < 2021.x < 2021u13 / 2023.x < 2023u7 Vulnerability (APSB24-14)
The version of Adobe ColdFusion installed on the remote Windows host is prior to 2021.x update 13 or 2023.x update 7. It is, therefore, affected by a vulnerability as referenced in the APSB24-14 advisory. - Improper Access Control CWE-284 potentially leading to Arbitrary file system read...
BIT-MAGENTO-2021-28584 Magento Commerce path traversal vulnerability in child theme store creation
Magento versions 2.4.2 and earlier, 2.4.1 and earlier and 2.3.6 and earlier are affected by a Path Traversal vulnerability when creating a store with child theme.Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to the admin console is required...
CVE-2023-26367
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue do...
CVE-2023-26367
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue do...
CVE-2023-26366
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application t...
CVE-2023-26366
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application t...
Input validation
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue do...
CVE-2023-26366 Validate Your Inputs | Server-Side Request Forgery (SSRF) (CWE-918)
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application t...
CVE-2023-38207
Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by a XML Injection aka Blind XPath Injection vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction...
Design/Logic Flaw
Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by a XML Injection aka Blind XPath Injection vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction...
CVE-2023-38207 Adobe Commerce XML Injection (aka Blind XPath Injection) Arbitrary file system read
Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by a XML Injection aka Blind XPath Injection vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction...
Adobe Commerce SSRF Vulnerability
Adobe Commerce is the United States of America Odobie Adobe company of a business and brand-oriented digital commerce solutions. Adobe Commerce suffers from an SSRF vulnerability that can be exploited by an attacker to cause arbitrary file system reads...