Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
adobe coldfusion 7.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2008-1203
The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote malicious users to conduct brute force attacks without detection.
Adobe Coldfusion 7.0
Adobe Coldfusion 8.0
7.5
CVSSv2
CVE-2006-2042
Adobe Dreamweaver 8 prior to 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models.
Adobe Dreamweaver 7.0
Adobe Dreamweaver 8.0
7.5
CVSSv2
CVE-2005-4342
ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote malicious users to "bypass security controls," aka "JRun Clustered Sandbox Secu...
Macromedia Coldfusion 7.0
Macromedia Coldfusion 6.0
Macromedia Coldfusion 6.1
7.2
CVSSv2
CVE-2007-1874
Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zer...
Adobe Coldfusion 7.0
7.2
CVSSv2
CVE-2005-4345
Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges.
Macromedia Coldfusion 7.0
6.8
CVSSv2
CVE-2007-5905
Adobe ColdFusion 8 and MX 7 allows remote malicious users to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerabilit...
Adobe Coldfusion 8.0
Adobe Coldfusion 7.0
5.8
CVSSv2
CVE-2009-1878
Session fixation vulnerability in Adobe ColdFusion 8.0.1 and previous versions allows remote malicious users to hijack web sessions via unspecified vectors.
Adobe Coldfusion 7.2
Adobe Coldfusion 7.0
Adobe Coldfusion 6.0
Adobe Coldfusion 7.0.2
Adobe Coldfusion 7.0.1
Adobe Coldfusion 8.0
Adobe Coldfusion 8.1
Adobe Coldfusion 6.1
Adobe Coldfusion
5
CVSSv2
CVE-2011-0737
Adobe ColdFusion 9.0.1 CHF1 and previous versions allows remote malicious users to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the vendor disputes the significance of this issue because the Site-wid...
Adobe Coldfusion 7.0.2
Adobe Coldfusion 8.0
Adobe Coldfusion 9.0
Adobe Coldfusion 6.0
Adobe Coldfusion 7.0
Adobe Coldfusion 5.0
Adobe Coldfusion 6.1
Adobe Coldfusion 7.0.1
Adobe Coldfusion 8.0.1
Adobe Coldfusion
Adobe Coldfusion 8.1
Adobe Coldfusion 9.0.1
Adobe Coldfusion 4.5
5
CVSSv2
CVE-2009-1876
Adobe ColdFusion 8.0.1 and previous versions might allow malicious users to obtain sensitive information via unspecified vectors, related to a "double-encoded null character vulnerability."
Adobe Coldfusion 6.0
Adobe Coldfusion 7.0.1
Adobe Coldfusion 7.0.2
Adobe Coldfusion
Adobe Coldfusion 6.1
Adobe Coldfusion 7.0
Adobe Coldfusion 7.2
Adobe Coldfusion 8.0
5
CVSSv2
CVE-2008-0644
Adobe ColdFusion MX 7 and ColdFusion 8 allows remote malicious users to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function.
Adobe Coldfusion 7.0
Adobe Coldfusion 7.0.1
Adobe Coldfusion 7.0.2
Adobe Coldfusion 8.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »