coldfusion vulnerabilities and exploits
VMScore: 445
CVE-2010-0185
The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote malicious users to obtain collection metadata, search information, and index data via a request to an unspecified URL.
Adobe Coldfusion 9.0
VMScore: 445
CVE-2009-1876
Adobe ColdFusion 8.0.1 and previous versions might allow malicious users to obtain sensitive information via unspecified vectors, related to a "double-encoded null character vulnerability."
Adobe Coldfusion 6.0
Adobe Coldfusion 7.0.1
Adobe Coldfusion 7.0.2
Adobe Coldfusion
Adobe Coldfusion 6.1
Adobe Coldfusion 7.0
Adobe Coldfusion 7.2
Adobe Coldfusion 8.0
VMScore: 445
CVE-2008-0644
Adobe ColdFusion MX 7 and ColdFusion 8 allow remote malicious users to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function.
Adobe Coldfusion 7.0
Adobe Coldfusion 7.0.1
Adobe Coldfusion 7.0.2
Adobe Coldfusion 8.0
VMScore: 445
CVE-2007-3339
Multiple cross-site scripting (XSS) vulnerabilities in forum/include/error/autherror.cfm in FuseTalk Basic, Standard, Enterprise, and ColdFusion allow remote malicious users to inject arbitrary web script or HTML via the (1) FTVAR_LINKP and (2) FTVAR_URLP parameters to (a) forum/...
Fusetalk Fusetalk 4.0
Fusetalk Fusetalk 3.0
Fusetalk Fusetalk 2.0
Fusetalk Fusetalk 3.2
3 EDB exploits
VMScore: 445
CVE-2006-5858
Adobe ColdFusion MX 7 up to and including 7.0.2, and JRun 4, when run on Microsoft IIS, allow remote malicious users to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file.
Adobe Coldfusion
Adobe Jrun 4.0
VMScore: 445
CVE-2006-6482
Adobe ColdFusion MX7 allows remote malicious users to obtain sensitive information via a URL request (1) for a non-existent (a) JWS, (b) CFM, (c) CFML, or (d) CFC file, which displays the installation path in the resulting error message; or (2) to /CFIDE/administrator/login.cfm w...
Adobe Coldfusion 7.0
VMScore: 445
CVE-2006-4724
Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote malicious users to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command.
Adobe Coldfusion 7.0.1
Adobe Coldfusion 7.0
VMScore: 445
CVE-2006-2047
Application Dynamics Cartweaver ColdFusion 2.16.11 and previous versions allow remote malicious users to obtain sensitive information via an invalid (1) secondary, (2) PageNum_Results, (3) category, or (4) keywords parameter in (a) Results.cfm; or an invalid (5) ProdID parameter...
Application Dynamics Cartweaver Coldfusion 2.16.11
VMScore: 445
CVE-2005-4343
Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allow remote malicious users to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL inje...
Macromedia Coldfusion 6.1
Macromedia Coldfusion 6.0
Macromedia Coldfusion 7.0
VMScore: 445
CVE-2005-2481
ColdFusion Fusebox 4.1.0 allows remote malicious users to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the "?" (question mark) character.
Macromedia Coldfusion Fusebox 4.1.0