CVE-2013-5328

Adobe ColdFusion 10 before Update 12 allows remote attackers to read arbitrary files via unspecified vectors...

ColdFusion password.properties Hash Extraction

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ColdFusion 'password.properties' Hash Extraction", 'Description' = %q This module uses a directory traversal vulnerability to extract information...

Fix Coming for Flash Vulnerability Under Attack

Adobe today said it will patch Flash Player this week, addressing a vulnerability being exploited in “limited, targeted attacks.” The flaw, CVE-2016-4171, exists in versions of Flash prior to, and including, 21.0.0.242 on Windows, Macintosh, Linux and ChromeOS platforms. “Successful exploitation...

CVE-2013-5328

Adobe ColdFusion 10 before Update 12 allows remote attackers to read arbitrary files via unspecified vectors...

Code injection

Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components CFC public methods via WebSockets...

Adobe ColdFusion Authentication Bypass (APSB13-13)

The version of Adobe ColdFusion running on the remote host has an authentication bypass vulnerability. When RDS is disabled and not configured with password protection, it is possible to authenticate as an administrative user without providing a username or password. A remote, unauthenticated...

ColdFusion 'password.properties' Hash Extraction

This module uses a directory traversal vulnerability to extract information such as password, rdspassword, and "encrypted" properties. This module has been tested successfully on ColdFusion 9 and ColdFusion 10 auto-detect. This module requires Metasploit: https://metasploit.com/download Current...

ColdFusion 9 / 10 Remote Root Exploit

ColdFusion version 9 and 10 remote root zero day exploit !/usr/bin/env python -- coding: utf-8 -- intro=""" Cold ,''' Fusion || | | \ / | Cold ,''' /-- Fusion | | | | / |. Cold -,,' Fusion Name : ColdSub-Zero.pyFusion v2 Description : CF9-10 Remote Root Zeroday Crew : HTP """ cyan = "\x1b1;36m"...

ColdFusion 9-10 - Credential Disclosure

!/usr/bin/env python -- coding: utf-8 -- intro=""" Cold ,''' Fusion || | | \ / | Cold ,''' /-- Fusion | | | | / |. Cold -,,' Fusion Name : ColdSub-Zero.pyFusion v2 Description : CF9-10 Remote Root Zeroday Crew : HTP """ cyan = "\x1b1;36m" red = "\x1b1;31m" clear = "\x1b0m" print...

ColdFusion 9 / 10 Remote Root

!/usr/bin/env python -- coding: utf-8 -- intro=""" Cold ,''' Fusion || | | \ / | Cold ,''' /-- Fusion | | | | / |. Cold -,,' Fusion Name : ColdSub-Zero.pyFusion v2 Description : CF9-10 Remote Root Zeroday Crew : HTP """ cyan = "\x1b1;36m" red = "\x1b1;31m" clear = "\x1b0m" print...

Adobe ColdFusion 10 on IIS Unspecified DoS (APSB12-25) (credentialed check)

The remote Windows host is running a version of ColdFusion that is affected by an unspecified denial of service. When used with Microsoft IIS, ColdFusion 10 is vulnerable to unspecified denial of service attacks. This vulnerability was introduced in ColdFusion 10 Update 1. C Tenable Network...

CVE-2012-2048

Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows attackers to cause a denial of service via unknown vectors...