Coldfusion Security Vulnerabilities and Issues — Coldfusion CVE List

Lucene search

AdobeColdfusion

13 matches found

CVE•added 2013/01/17 12:55 a.m.•1059 views

CVE-2013-0632

administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploit...

10CVSS8.1AI score0.92524EPSS

CVE•added 2013/01/09 1:55 a.m.•1023 views

CVE-2013-0629

Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013.

7.5CVSS9.3AI score0.80964EPSS

CVE•added 2013/01/09 1:55 a.m.•950 views

CVE-2013-0631

Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013.

7.5CVSS8.9AI score0.78752EPSS

CVE•added 2013/01/09 1:55 a.m.•948 views

CVE-2013-0625

Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.

9.8CVSS9.8AI score0.8656EPSS

CVE•added 2013/05/09 12:31 p.m.•129 views

CVE-2013-3336

Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors.

5CVSS6.6AI score0.85888EPSS

CVE•added 2013/09/20 4:55 p.m.•59 views

CVE-2010-5290

The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration file, a different vul...

10CVSS9.1AI score0.94334EPSS

CVE•added 2013/04/10 3:48 a.m.•52 views

CVE-2013-1388

Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9 allows attackers to obtain administrator-console access via unknown vectors.

7.5CVSS6.5AI score0.01848EPSS

CVE•added 2013/07/10 10:55 a.m.•52 views

CVE-2013-3349

Unspecified vulnerability in Adobe ColdFusion 9.0 through 9.0.2, when the JRun application server is used, allows remote attackers to cause a denial of service via unknown vectors.

5CVSS6.6AI score0.00689EPSS

CVE•added 2013/05/16 11:45 a.m.•49 views

CVE-2013-1389

Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9.0.1 before Update 10, 9.0.2 before Update 5, and 10 before Update 10 allows remote attackers to execute arbitrary code via unknown vectors.

10CVSS7.6AI score0.21562EPSS

CVE•added 2013/04/10 3:48 a.m.•47 views

CVE-2013-1387

Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9 allows attackers to impersonate users via unknown vectors.

7.5CVSS6.5AI score0.01848EPSS

CVE•added 2013/07/10 10:55 a.m.•46 views

CVE-2013-3350

Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components (CFC) public methods via WebSockets.

10CVSS6.7AI score0.01608EPSS

CVE•added 2013/11/13 1:55 a.m.•41 views

CVE-2013-5326

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related ...

3.5CVSS5.5AI score0.00493EPSS

CVE•added 2013/11/13 1:55 a.m.•39 views

CVE-2013-5328

Adobe ColdFusion 10 before Update 12 allows remote attackers to read arbitrary files via unspecified vectors.

7.8CVSS6.9AI score0.00955EPSS