6 matches found
CVE-2018-4939
creationtimestamp| type| source ---|---|--- 2020-10-20 15:57:21+00:00| seen| MISP/42d04e94-bf5b-427d-acc8-f5d740675941 2020-10-20 15:58:03+00:00| seen| MISP/d925a2ee-e7cf-46f6-bec1-ad8e19122730 2020-10-21 08:33:50+00:00| seen| MISP/5f850411-c103-491f-abff-9421425403cf 2020-10-28 02:58:38+00:00|...
Adobe ColdFusion DataServicesCFProxy Insecure Deserialization (CVE-2018-4939)
An insecure deserialization vulnerability exists in the Flex integration service of Adobe ColdFusion. The vulnerability is due to the lack of input validation. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
ColdFusion RCE(CVE-2018-4939)
In October 2017 I published an overview and video proof-of-concept of a Java RMI/deserialization vulnerability affecting the Flex Integration service of Adobe ColdFusion. I held off on publishing all of the details and exploit code at the time because I spotted an additional exploit payload that...
CVE-2018-4939
Adobe ColdFusion is affected by CVE-2018-4939 due to a Deserialization of Untrusted Data vulnerability in Update 5 and earlier (and ColdFusion 11 Update 13 and earlier). The issue arises from insecure deserialization in the DataServicesCFProxy/integration flow, enabling arbitrary code execution u...
CVE-2018-4939
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution...
Adobe ColdFusion 11.x < 11u14 / 2016.x < 2016u6 Multiple Vulnerabilities (APSB18-14)
The version of Adobe ColdFusion running on the remote Windows host is 11.x prior to update 14 or 2016.x prior to update 6. It is, therefore, affected by multiple vulnerabilities. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid109017; scriptversion"1.9";...