Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
coldfusion vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2006-4724
Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote malicious users to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command.
Adobe Coldfusion 7.0.1
Adobe Coldfusion 7.0
5
CVSSv2
CVE-2006-2047
Application Dynamics Cartweaver ColdFusion 2.16.11 and previous versions allows remote malicious users to obtain sensitive information via an invalid (1) secondary, (2) PageNum_Results, (3) category, or (4) keywords parameter in (a) Results.cfm; or an invalid (5) ProdID parameter...
Application Dynamics Cartweaver Coldfusion 2.16.11
5
CVSSv2
CVE-2005-4343
Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote malicious users to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL inje...
Macromedia Coldfusion 6.1
Macromedia Coldfusion 6.0
Macromedia Coldfusion 7.0
5
CVSSv2
CVE-2005-2481
ColdFusion Fusebox 4.1.0 allows remote malicious users to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the "?" (question mark) character.
Macromedia Coldfusion Fusebox 4.1.0
5
CVSSv2
CVE-2005-1022
ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote malicious users to obtain sensitive information.
Macromedia Coldfusion 6.1
5
CVSSv2
CVE-2004-2505
Macromedia ColdFusion MX prior to 6.1 does not restrict the size of error messages, which allows remote malicious users to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data.
Macromedia Coldfusion 5.0
Macromedia Coldfusion 6.0
1 EDB exploit
5
CVSSv2
CVE-2004-2330
ColdFusion MX 6.1 and 6.1 J2EE allows remote malicious users to cause a denial of service via an HTTP request containing a large number of form fields.
Macromedia Coldfusion 6.1
5
CVSSv2
CVE-2004-0928
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote malicious users to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
Hitachi Cosminexus Enterprise 01 02 2
Macromedia Jrun 4.0
Hitachi Cosminexus Enterprise 01 01 1
Macromedia Jrun 3.0
Macromedia Jrun 3.1
Hitachi Cosminexus Server Web 01-01 1
Hitachi Cosminexus Server Web 01-01 2
Macromedia Coldfusion 6.0
Macromedia Coldfusion 6.1
5
CVSSv2
CVE-2004-1815
Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote malicious users to cause a denial of service (memory consumption).
Sun One Application Server 7.0
Macromedia Coldfusion 6.0
Macromedia Coldfusion 6.1
Macromedia Jrun 4.0
Macromedia Jrun 4.0 Build 61650
5
CVSSv2
CVE-2003-1469
The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote malicious users to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message.
Macromedia Coldfusion 6.0
Macromedia Coldfusion Professional
Macromedia Coldfusion
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »