CVE-2022-42343 Adobe Campaign Classic Server-Side Request Forgery Arbitrary file system read
Adobe Campaign version 7.3.1 and earlier and 8.3.9 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URL...
CVE-2022-42343
CVE-2022-42343 affects Adobe Campaign Classic (versions 7.3.1 and earlier; 8.3.9 and earlier) with a Server-Side Request Forgery (SSRF) flaw that allows a low-privilege authenticated attacker to cause arbitrary file-system reads by injecting arbitrary URLs. The vulnerability arises from insuffici...
CVE-2022-42343
Adobe Campaign version 7.3.1 and earlier and 8.3.9 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URL...
CVE-2022-42340
Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction...
CVE-2022-38424
Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, bu...
Path traversal
Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, bu...
XXE
Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction...
CVE-2022-42341 Adobe ColdFusion Improper Restriction of XML External Entity Reference Arbitrary file system read
Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction...
CVE-2022-38424 Adobe ColdFusion Application Server Directory Traversal Arbitrary file system write
Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, bu...
CVE-2022-42340 Adobe ColdFusion Improper Input Validation Arbitrary file system read
Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction...
CVE-2022-38419 Adobe ColdFusion Solr Service XML External Entity Processing Arbitrary file system read
Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction...
CVE-2022-38419
CVE-2022-38419 affects Adobe ColdFusion Update 14 (and earlier) and Update 4 (and earlier) with an XML External Entity (XXE) vulnerability that could cause arbitrary file system reads. Exploitation requires no user interaction. Public records highlight a fix path via APSB22-44 security updates fo...
Adobe ColdFusion XML External Entity Injection Vulnerability
Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. Adobe ColdFusion has an XML external entity injection...
Adobe ColdFusion XML External Entity Injection Vulnerability (CNVD-2023-08756)
Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. Adobe ColdFusion has an XML external entity injection...
APSB22-44: Security updates available for ColdFusion
Adobe has released security updates for ColdFusion versions 2021 and 2018. These updates resolve Critical, Important and Moderate vulnerabilities that could lead to arbitrary code execution, arbitrary file system write, security feature bypass and privilege escalation...
APSB22-25 : Security update available for Adobe Bridge
Adobe has released a security update for Adobe Bridge. This update addresses critical and important vulnerabilities that could lead to arbitrary code execution, arbitrary file system write and memory leak...
Magento Path Traversal vulnerability
Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by a Path Traversal vulnerability when creating a store with child theme. Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to the admin console is...
GHSA-7GPV-XRJR-F5H4 Magento Path Traversal vulnerability
Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by a Path Traversal vulnerability when creating a store with child theme. Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to the admin console is...