Lucene search
K

19 matches found

GithubExploit
GithubExploit
added 2025/10/28 4:10 a.m.202 views

Exploit for Improper Access Control in Adobe Coldfusion

PoC exploit for CVE-2023-26360, a Remote Code Execution vulnerab...

9.8CVSS7.9AI score0.97339EPSS
Exploits13
GithubExploit
GithubExploit
added 2024/11/25 5:42 p.m.404 views

Exploit for Improper Access Control in Adobe Coldfusion

CVE-2023-26360 Vulnerability Scanner Overview CVE-2023-2...

9.8CVSS9.3AI score0.97339EPSS
Exploits13
Exploit DB
Exploit DB
added 2024/03/11 12:0 a.m.282 views

Adobe ColdFusion versions 2018,15 (and earlier) and 2021,5 and earlier - Arbitrary File Read

Exploit Title: File Read Arbitrary Exploit for CVE-2023-26360 Google Dork: not Date: 12/28/2023 Exploit Author: Youssef Muhammad Vendor Homepage: https://helpx.adobe.com/coldfusion/kb/coldfusion-downloads.html Software Link: https://drive.google.com/drive/folders/17ryBnFhswxiE1sHrNByxMVPKfUnwqmp0...

9.8CVSS8.8AI score0.97339EPSS
Exploits13
0day.today
0day.today
added 2024/03/11 12:0 a.m.332 views

Adobe ColdFusion v 2018,15 (and earlier) and 2021,5 and earlier - Arbitrary File Read Exploit

Exploit Title: File Read Arbitrary Exploit for CVE-2023-26360 Exploit Author: Youssef Muhammad Vendor Homepage: https://helpx.adobe.com/coldfusion/kb/coldfusion-downloads.html Software Link: https://drive.google.com/drive/folders/17ryBnFhswxiE1sHrNByxMVPKfUnwqmp0 Version: Adobe ColdFusion version...

8.6CVSS8.8AI score0.97339EPSS
Exploits13
Packet Storm
Packet Storm
added 2024/03/11 12:0 a.m.377 views

Adobe ColdFusion 2018,15 / 2021,5 Arbitrary File Read

Exploit Title: File Read Arbitrary Exploit for CVE-2023-26360 Google Dork: not Date: 12/28/2023 Exploit Author: Youssef Muhammad Vendor Homepage: https://helpx.adobe.com/coldfusion/kb/coldfusion-downloads.html Software Link: https://drive.google.com/drive/folders/17ryBnFhswxiE1sHrNByxMVPKfUnwqmp0...

9.8CVSS7.4AI score0.97339EPSS
Exploits13
Malwarebytes
Malwarebytes
added 2023/12/06 2:15 p.m.38 views

Adobe Coldfusion vulnerability used in attacks on government servers

The Cybersecurity and Infrastructure Security Agency CISA put out a Cybersecurity Advisory CSA to alert government agencies about cybercriminals using a vulnerability in Adobe Coldfusion to gain initial access to servers. Adobe ColdFusion is a platform for building and deploying web and mobile...

5CVSS8.2AI score0.97339EPSS
Exploits13
ICS
ICS
added 2023/12/05 12:0 p.m.71 views

Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers

Actions to take today to mitigate malicious cyber activity: 1. Prioritize remediating known exploited vulnerabilities. 2. Employ proper network segmentation. 3. Enable multifactor authentication MFA for all services to the extent possible, particularly for webmail, VPN, and accounts that access...

9.8CVSS8.8AI score0.97339EPSS
Exploits13References98
CISA
CISA
added 2023/12/05 12:0 p.m.16 views

CISA Releases Advisory on Threat Actors Exploiting CVE-2023-26360 Vulnerability in Adobe ColdFusion

Today, CISA released a Cybersecurity Advisory CSA, Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers, to disseminate known indicators of compromise IOCs and tactics, techniques, and procedures TTPs. The vulnerability in ColdFusion CVE-2023-26360 presen...

9.8CVSS7.2AI score0.97339EPSS
In wildExploits13References4
Hacker One
Hacker One
added 2023/11/11 5:2 p.m.88 views

U.S. Dept Of Defense: Unauthenticated File Read Adobe ColdFusion

A vulnerability allowing unauthenticated arbitrary file read in Adobe ColdFusion was discovered. This could result in unauthorized access to sensitive data on affected systems. The vulnerability impacts ColdFusion versions 2021 Update 5 and earlier, and 2018 Update 15 and earlier. Mitigation is t...

8.6CVSS8.4AI score0.97339EPSS
Exploits13
Malwarebytes
Malwarebytes
added 2023/08/23 12:30 p.m.75 views

Adobe ColdFusion vulnerability exploited in the wild

The Cybersecurity and Infrastructure Security Agency CISA has added a critical Adobe ColdFusion vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch FCEB agencies need to remediate this...

7.5CVSS7.9AI score0.97339EPSS
Exploits13
Rapid7 Blog
Rapid7 Blog
added 2023/05/05 6:48 p.m.123 views

Metasploit Weekly Wrap-Up

Throw another log file on the fire Our own Stephen Fewer authored a module targeting CVE-2023-26360 affecting ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier. The vulnerability allows multiple paths to code execution, but our module works by leveraging a...

10CVSS8.3AI score0.97339EPSS
Exploits23
0day.today
0day.today
added 2023/05/02 12:0 a.m.475 views

Adobe ColdFusion Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits a remote unauthenticated deserialization of untrusted data vulnerability in Adobe ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier, in order to gain remote code execution. This module requires Metasploit:...

8.6CVSS9.2AI score0.97339EPSS
Exploits13
Metasploit
Metasploit
added 2023/04/28 7:43 p.m.680 views

Adobe ColdFusion Unauthenticated Remote Code Execution

This module exploits a remote unauthenticated deserialization of untrusted data vulnerability in Adobe ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier, in order to gain remote code execution. Module Options msf use...

9.8CVSS8.8AI score0.97339EPSS
Exploits13
OSV
OSV
added 2023/03/23 8:15 p.m.4 views

CVE-2023-26360

Adobe ColdFusion versions 2018 Update 15 and earlier and 2021 Update 5 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...

8.6CVSS8AI score0.97339EPSS
Exploits13References3
Vulnrichment
Vulnrichment
added 2023/03/23 12:0 a.m.19 views

CVE-2023-26360 Adobe ColdFusion Improper Access Control Arbitrary code execution

Adobe ColdFusion versions 2018 Update 15 and earlier and 2021 Update 5 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...

8.6CVSS8.8AI score0.97339EPSS
Exploits13References2
CVE
CVE
added 2023/03/23 12:0 a.m.1072 views

CVE-2023-26360

Adobe ColdFusion CVE-2023-26360 is an Improper Access Control vulnerability that could enable arbitrary code execution in the context of the current user. Affected products include ColdFusion 2018 Update 15 and earlier and ColdFusion 2021 Update 5 and earlier; exploitation does not require user i...

9.8CVSS8.9AI score0.97339EPSS
In wildExploits13References3Affected Software1
Cvelist
Cvelist
added 2023/03/23 12:0 a.m.32 views

CVE-2023-26360 Adobe ColdFusion Improper Access Control Arbitrary code execution

Adobe ColdFusion versions 2018 Update 15 and earlier and 2021 Update 5 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...

8.6CVSS8.9AI score0.97339EPSS
Exploits13References2
The Hacker News
The Hacker News
added 2023/03/16 4:47 a.m.163 views

CISA Issues Urgent Warning: Adobe ColdFusion Vulnerability Exploited in the Wild

The U.S. Cybersecurity and Infrastructure Security Agency CISA on March 15 added a security vulnerability impacting Adobe ColdFusion to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The critical flaw in question is CVE-2023-26360 CVSS score: 8.6, which...

3.6AI score0.97339EPSS
Exploits13
The Hacker News
The Hacker News
added 2023/03/16 4:47 a.m.8 views

CISA Issues Urgent Warning: Adobe ColdFusion Vulnerability Exploited in the Wild

The U.S. Cybersecurity and Infrastructure Security Agency CISA on March 15 added a security vulnerability impacting Adobe ColdFusion to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The critical flaw in question is CVE-2023-26360 CVSS score: 8.6, which...

9.8CVSS7.5AI score0.97339EPSS
Exploits13
Rows per page
Query Builder