7 matches found
📄 Adobe ColdFusion 2023.6 Remote File Read
Adobe ColdFusion version 2023.6 suffers from a remote file read vulnerability. Exploit Title: Adobe ColdFusion 2023.6 - Remote File Read Exploit Author: @İbrahimsql Exploit Author's github: https://github.com/ibrahmsql Description: ColdFusion 2023 LUcee - Remote Code Execution CVE: CVE-2024-20767...
Adobe ColdFusion 2023.6 - Remote File Read
Exploit Title: Adobe ColdFusion 2023.6 - Remote File Read Exploit Author: @İbrahimsql Exploit Author's github: https://github.com/ibrahmsql Description: ColdFusion 2023 LUcee - Remote Code Execution CVE: CVE-2024-20767 Vendor Homepage: https://www.adobe.com/ Requirements: requests=2.25.0,...
Metasploit Wrap-Up 05/10/2024
Password Spraying support Multiple bruteforce/login scanner modules have been updated to support a PASSWORDSPRAY module option. This work was completed in pull request 19079 from nrathaus as well as an additional update from our developers . When the password spraying option is set, the order of...
Exploit for Improper Access Control in Adobe Coldfusion
Proof of Concept script for CVE-2024-20767 Overview get-...
CVE-2024-20767
creationtimestamp| type| source ---|---|--- 2024-03-18 13:21:35+00:00| seen| https://t.me/ctinow/210495 2024-03-18 13:26:38+00:00| seen| https://t.me/ctinow/210496 2024-03-26 06:53:59+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/6855 2024-03-26 08:54:10+00:00|...
CVE-2024-20767
CVE-2024-20767 affects Adobe ColdFusion 2023 (Update 6 and earlier) and 2021 (Update 12 and earlier) due to an Improper Access Control weakness that allows an attacker to perform an arbitrary file system read when the admin panel is internet-exposed. Multiple sources confirm public exploitation a...
Adobe ColdFusion < 2021.x < 2021u13 / 2023.x < 2023u7 Vulnerability (APSB24-14)
The version of Adobe ColdFusion installed on the remote Windows host is prior to 2021.x update 13 or 2023.x update 7. It is, therefore, affected by a vulnerability as referenced in the APSB24-14 advisory. - Improper Access Control CWE-284 potentially leading to Arbitrary file system read...