19 matches found
Exploit for Improper Access Control in Adobe Coldfusion
PoC exploit for CVE-2023-26360, a Remote Code Execution vulnerab...
Exploit for Improper Access Control in Adobe Coldfusion
CVE-2023-26360 Vulnerability Scanner Overview CVE-2023-2...
Adobe ColdFusion versions 2018,15 (and earlier) and 2021,5 and earlier - Arbitrary File Read
Exploit Title: File Read Arbitrary Exploit for CVE-2023-26360 Google Dork: not Date: 12/28/2023 Exploit Author: Youssef Muhammad Vendor Homepage: https://helpx.adobe.com/coldfusion/kb/coldfusion-downloads.html Software Link: https://drive.google.com/drive/folders/17ryBnFhswxiE1sHrNByxMVPKfUnwqmp0...
Adobe ColdFusion v 2018,15 (and earlier) and 2021,5 and earlier - Arbitrary File Read Exploit
Exploit Title: File Read Arbitrary Exploit for CVE-2023-26360 Exploit Author: Youssef Muhammad Vendor Homepage: https://helpx.adobe.com/coldfusion/kb/coldfusion-downloads.html Software Link: https://drive.google.com/drive/folders/17ryBnFhswxiE1sHrNByxMVPKfUnwqmp0 Version: Adobe ColdFusion version...
Adobe ColdFusion 2018,15 / 2021,5 Arbitrary File Read
Exploit Title: File Read Arbitrary Exploit for CVE-2023-26360 Google Dork: not Date: 12/28/2023 Exploit Author: Youssef Muhammad Vendor Homepage: https://helpx.adobe.com/coldfusion/kb/coldfusion-downloads.html Software Link: https://drive.google.com/drive/folders/17ryBnFhswxiE1sHrNByxMVPKfUnwqmp0...
Adobe Coldfusion vulnerability used in attacks on government servers
The Cybersecurity and Infrastructure Security Agency CISA put out a Cybersecurity Advisory CSA to alert government agencies about cybercriminals using a vulnerability in Adobe Coldfusion to gain initial access to servers. Adobe ColdFusion is a platform for building and deploying web and mobile...
Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers
Actions to take today to mitigate malicious cyber activity: 1. Prioritize remediating known exploited vulnerabilities. 2. Employ proper network segmentation. 3. Enable multifactor authentication MFA for all services to the extent possible, particularly for webmail, VPN, and accounts that access...
CISA Releases Advisory on Threat Actors Exploiting CVE-2023-26360 Vulnerability in Adobe ColdFusion
Today, CISA released a Cybersecurity Advisory CSA, Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers, to disseminate known indicators of compromise IOCs and tactics, techniques, and procedures TTPs. The vulnerability in ColdFusion CVE-2023-26360 presen...
U.S. Dept Of Defense: Unauthenticated File Read Adobe ColdFusion
A vulnerability allowing unauthenticated arbitrary file read in Adobe ColdFusion was discovered. This could result in unauthorized access to sensitive data on affected systems. The vulnerability impacts ColdFusion versions 2021 Update 5 and earlier, and 2018 Update 15 and earlier. Mitigation is t...
Adobe ColdFusion vulnerability exploited in the wild
The Cybersecurity and Infrastructure Security Agency CISA has added a critical Adobe ColdFusion vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch FCEB agencies need to remediate this...
Metasploit Weekly Wrap-Up
Throw another log file on the fire Our own Stephen Fewer authored a module targeting CVE-2023-26360 affecting ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier. The vulnerability allows multiple paths to code execution, but our module works by leveraging a...
Adobe ColdFusion Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits a remote unauthenticated deserialization of untrusted data vulnerability in Adobe ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier, in order to gain remote code execution. This module requires Metasploit:...
Adobe ColdFusion Unauthenticated Remote Code Execution
This module exploits a remote unauthenticated deserialization of untrusted data vulnerability in Adobe ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier, in order to gain remote code execution. Module Options msf use...
CVE-2023-26360
Adobe ColdFusion versions 2018 Update 15 and earlier and 2021 Update 5 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...
CVE-2023-26360 Adobe ColdFusion Improper Access Control Arbitrary code execution
Adobe ColdFusion versions 2018 Update 15 and earlier and 2021 Update 5 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...
CVE-2023-26360
Adobe ColdFusion CVE-2023-26360 is an Improper Access Control vulnerability that could enable arbitrary code execution in the context of the current user. Affected products include ColdFusion 2018 Update 15 and earlier and ColdFusion 2021 Update 5 and earlier; exploitation does not require user i...
CVE-2023-26360 Adobe ColdFusion Improper Access Control Arbitrary code execution
Adobe ColdFusion versions 2018 Update 15 and earlier and 2021 Update 5 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...
CISA Issues Urgent Warning: Adobe ColdFusion Vulnerability Exploited in the Wild
The U.S. Cybersecurity and Infrastructure Security Agency CISA on March 15 added a security vulnerability impacting Adobe ColdFusion to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The critical flaw in question is CVE-2023-26360 CVSS score: 8.6, which...
CISA Issues Urgent Warning: Adobe ColdFusion Vulnerability Exploited in the Wild
The U.S. Cybersecurity and Infrastructure Security Agency CISA on March 15 added a security vulnerability impacting Adobe ColdFusion to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The critical flaw in question is CVE-2023-26360 CVSS score: 8.6, which...