Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
coldfusion vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-38205
Adobe ColdFusion versions 2018u18 (and previous versions), 2021u8 (and previous versions) and 2023u2 (and previous versions) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to a...
Adobe Coldfusion 2018
Adobe Coldfusion 2021
Adobe Coldfusion 2023
5.3
CVSSv3
CVE-2023-38206
Adobe ColdFusion versions 2018u18 (and previous versions), 2021u8 (and previous versions) and 2023u2 (and previous versions) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to a...
Adobe Coldfusion 2018
Adobe Coldfusion 2021
Adobe Coldfusion 2023
NA
CVE-2000-0189
ColdFusion Server 4.x allows remote malicious users to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files.
Allaire Coldfusion Server 4.0
Allaire Coldfusion Server 4.0.1
Allaire Coldfusion Server 4.5
NA
CVE-2002-0576
ColdFusion 5.0 and previous versions on Windows systems allows remote malicious users to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.
Allaire Coldfusion Server 5.0
Allaire Coldfusion Server 4.0
Allaire Coldfusion Server 4.5
NA
CVE-2002-1992
Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote malicious users to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header.
Macromedia Coldfusion
Macromedia Coldfusion Professional
NA
CVE-2013-5328
Adobe ColdFusion 10 before Update 12 allows remote malicious users to read arbitrary files via unspecified vectors.
Adobe Coldfusion 10.0
Adobe Coldfusion
NA
CVE-2006-5859
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote malicious users to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc...
Adobe Coldfusion 7.0
Adobe Coldfusion 7.0.1
9.8
CVSSv3
CVE-2018-4939
Adobe ColdFusion Update 5 and previous versions versions, ColdFusion 11 Update 13 and previous versions versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.
Adobe Coldfusion 11.0
Adobe Coldfusion 2016
1 Github repository
6.1
CVSSv3
CVE-2018-4941
Adobe ColdFusion Update 5 and previous versions versions, ColdFusion 11 Update 13 and previous versions versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.
Adobe Coldfusion 11.0
Adobe Coldfusion 2016
NA
CVE-2007-5905
Adobe ColdFusion 8 and MX 7 allows remote malicious users to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerabilit...
Adobe Coldfusion 8.0
Adobe Coldfusion 7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »