Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
coldfusion vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2018-15964
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and previous versions, and Update 14 and previous versions have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure.
Adobe Coldfusion 11.0
Adobe Coldfusion 2016
Adobe Coldfusion 2018
890
VMScore
CVE-2018-15965
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and previous versions, and Update 14 and previous versions have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
Adobe Coldfusion 2016
Adobe Coldfusion 11.0
Adobe Coldfusion 2018
445
VMScore
CVE-2002-0576
ColdFusion 5.0 and previous versions on Windows systems allows remote malicious users to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.
Allaire Coldfusion Server 5.0
Allaire Coldfusion Server 4.0
Allaire Coldfusion Server 4.5
445
VMScore
CVE-2000-0189
ColdFusion Server 4.x allows remote malicious users to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files.
Allaire Coldfusion Server 4.0
Allaire Coldfusion Server 4.0.1
Allaire Coldfusion Server 4.5
694
VMScore
CVE-2013-5328
Adobe ColdFusion 10 before Update 12 allows remote malicious users to read arbitrary files via unspecified vectors.
Adobe Coldfusion 10.0
Adobe Coldfusion
445
VMScore
CVE-2002-1992
Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote malicious users to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header.
Macromedia Coldfusion
Macromedia Coldfusion Professional
383
VMScore
CVE-2020-3767
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos).
Adobe Coldfusion 2016
Adobe Coldfusion 2018
NA
CVE-2022-38418
Adobe ColdFusion versions Update 14 (and previous versions) and Update 4 (and previous versions) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context ...
Adobe Coldfusion 2018
Adobe Coldfusion 2021
NA
CVE-2022-38421
Adobe ColdFusion versions Update 14 (and previous versions) and Update 4 (and previous versions) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context ...
Adobe Coldfusion 2018
Adobe Coldfusion 2021
NA
CVE-2022-38424
Adobe ColdFusion versions Update 14 (and previous versions) and Update 4 (and previous versions) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system write. Exploitatio...
Adobe Coldfusion 2018
Adobe Coldfusion 2021
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »