Adobe ColdFusion Authentication Bypass (CVE-2013-0632)

An authentication bypass vulnerability has been reported in ColdFusion servers. A remote attacker could trigger this through Remote Development Services RDS or Administrator interfaces if they do not require authentication or through CSRF if APSB12-26 has not been applied...

CVE-2011-4368

Cross-site scripting XSS vulnerability in Remote Development Services RDS in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in Remote Development Services RDS in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2011-4368

CVE-2011-4368 concerns an XSS flaw in Adobe ColdFusion’s Remote Development Services (RDS) affecting ColdFusion 8.0–9.0.1. The vulnerability enables remote attackers to inject arbitrary script/HTML in victims’ browsers, via unspecified vectors, within the context of the affected web application. ...

CVE-2011-4368

Cross-site scripting XSS vulnerability in Remote Development Services RDS in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Adobe ColdFusion Remote Development Services Enabled Without Authentication

ColdFusion's Remote Development Services allow developers to use IDEs such as Dreamweaver to manage applications. The remote host has RDS enabled without authentication. This means that a remote attacker can read and write files on the affected system. %NASLMINLEVEL 70300 C Tenable Network...

Adobe ColdFusion Remote Development Services

Remote Development Services RDS is enabled on the remote ColdFusion server. RDS allows developers to use IDEs such as Dreamweaver to manage applications. It is recommended that RDS be disabled for production servers and that it be configured to require authentication on development servers. C...