Vulmon
macromedia coldfusion vulnerabilities and exploits
10
CVSSv2
CVE-2004-0646
Buffer overflow in the WriteToLog function for JRun 3.0 up to and including 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote malicious users to execute arbitrary code via a long HTTP header Content-Type fie...
Macromedia Coldfusion 6.0
Macromedia Coldfusion 6.1
Macromedia Jrun 4.0
Macromedia Jrun 3.0
Macromedia Jrun 3.1
10
CVSSv2
CVE-2001-1514
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function an...
Macromedia Coldfusion 5.0
Macromedia Coldfusion 4.5
7.5
CVSSv2
CVE-2005-4342
ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote malicious users to "bypass security controls," aka "JRun Clustered Sandbox Secu...
Macromedia Coldfusion 7.0
Macromedia Coldfusion 6.0
Macromedia Coldfusion 6.1
7.5
CVSSv2
CVE-2004-1478
JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote malicious users to perform a session fixation attack and hijack a user's HTTP session.
Hitachi Cosminexus Enterprise 01 02 2
Hitachi Cosminexus Server Web 01-01 1
Macromedia Jrun 4.0
Hitachi Cosminexus Server Web 01-01 2
Macromedia Coldfusion 6.0
Macromedia Coldfusion 6.1
Hitachi Cosminexus Enterprise 01 01 1
Macromedia Jrun 3.0
Macromedia Jrun 3.1
7.5
CVSSv2
CVE-2002-1309
Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote malicious users to execute arbitrary code via an HTTP GET request with a long .cfm file name.
Macromedia Coldfusion 6.0
7.5
CVSSv2
CVE-2001-0535
Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict access from outside the local host's domain, which allows remote malicious users to upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable i...
Macromedia Coldfusion Server 4.x
7.5
CVSSv2
CVE-2001-1427
Unknown vulnerability in ColdFusion Server 2.0 up to and including 4.5.1 SP2 allows remote malicious users to overwrite templates with zero byte files via unknown attack vectors.
Macromedia Coldfusion 4.0
Macromedia Coldfusion 4.0.1
Macromedia Coldfusion 3.0.1
Macromedia Coldfusion 3.1
Macromedia Coldfusion 4.5.1
Macromedia Coldfusion 2.0
Macromedia Coldfusion 3.0
Macromedia Coldfusion 4.5
Macromedia Coldfusion 3.1.1
Macromedia Coldfusion 3.1.2
7.2
CVSSv2
CVE-2006-3979
The AdminAPI of ColdFusion MX 7 allows malicious users to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator.
Macromedia Coldfusion 7.0
Macromedia Coldfusion 7.02
7.2
CVSSv2
CVE-2005-4345
Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges.
Macromedia Coldfusion 7.0
7.2
CVSSv2
CVE-2004-2204
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.
Macromedia Coldfusion 6.0
Macromedia Coldfusion 6.1